[Samba] Windows 11 22h1 Beta (Build 22581) client refuses to auth with Samba DC

Luke Barone lukebarone at gmail.com
Fri Apr 8 17:14:55 UTC 2022

This is happening to me on Build 22593 as well. I created a new Win11 VM,
ran all the Windows Updates, and cannot join it to a domain setup with only
Samba Domain Controllers. I tried a standard user account, my account
(member of the Domain Admins group), and the Domain Administrator account,
all saying "Incorrect username and password".

If someone can show me how to turn the logging for join events on the
domain controller, I'd get those errors. In the Windows Event Log, it's
failing with error 1326.

I got it joined just now by using "*username at ad.domain.com
<username at ad.domain.com>*" instead of just *username* or *AD\username*.
However, I cannot sign in (using anything at all).

On Sun, Apr 3, 2022 at 7:07 PM Andrew Bartlett via samba <
samba at lists.samba.org> wrote:

> On Fri, 2022-04-01 at 15:18 -0500, Daniel Givens via samba wrote:
> > I wanted to be sure you all were aware of an issue that's come up in
> > recent Insider builds of Windows 11. I upgraded my local Windows 11
> > to the most recent beta build 22581 and had to roll back because I
> > was unable to login to the system. The logs on my Samba domain
> > controller indicate the authentication is successful, but Windows
> > says I entered an incorrect password.
> >
> > According to the u/BFeely1, in a Reddit post[1], they've submitted
> > feedback about it, but I don't have much hope Microsoft is going to
> > make it a high priority to resolve. I wasn't able to find any reports
> > to this mailing list or in any Samba related bug tracking for the
> > project or any distribution trackers mentioning the issue.
> >
> > I would like to help if I can, but I would need some direction on
> > what info would be useful.
> Thanks.  Given your description, it is going to be difficult to fix
> this - far easier if Samba is rejecting the request.
> If a Samba developer was to raise this with Microsoft, I think they
> first thing MS would want would be a paired network (wireshark PCAP or
> PCAPng) and TTD trace.
> https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-record
> A comparative trace with a windows DC joined to the same domain,
> alongside a full keytab (samba-tool domain exportkeytab) for that
> (TEST!) domain would also be very useful.
> Sadly I've not had any customers ask about this yet, so I've not been
> able to put any time into this myself.
> Sorry,
> Andrew Bartlett
> --
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list