[Samba] Windows login problem to a Samba AD DC

Andrew Bartlett abartlet at samba.org
Wed Nov 24 17:32:16 UTC 2021 

On Wed, 2021-11-24 at 12:20 -0300, tizo via samba wrote:
> I have a pristine Samba AD DC installed (Samba 4.15 in Rocky Linux
> 8.5). I
> have joined a Windows 10 client without any problems. After
> restarting, I
> try to login with a test user (the only user aside from the
> administrator),
> and it keeps saying "Username or password is incorrect" (maybe this
> is not
> the exact translation, as the language is Spanish). Moreover, I am
> almost
> sure that the password is the right one, as I have tested it with
> kinit in
> the Samba AD DC server. I have also tested with the administrator
> user with
> the same results. It seems to me that Windows doesn't even try to
> contact
> Samba AD DC, as the message is displayed very fast (and no useful
> information is logged in Samba AD DC).

Very likely fixed by this commit in 4.15.1:

commit be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Oct 8 15:53:47 2021 +1300

    heimdal:kdc: Only check for default salt for des-cbc-crc enctype
    
    Previously, this algorithm was preferring RC4 over AES for machine
    accounts in the preauth case. This is because AES keys for machine
    accounts in Active Directory use a non-default salt, while RC4 keys
do
    not use a salt. To avoid this behaviour, only prefer keys with
default
    salt for the des-cbc-crc enctype.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit
8e1efd8bd3bf698dc0b6ed2081919f49b1412b53)
    
    Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-15-test): Fri Oct 22 08:39:30 UTC 2021 on sn-
devel-184

Sorry for the regression,

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

More information about the samba mailing list