[Samba] Kerberos authentication issue after upgrading from 4-14-stable to 4-15-stable

Alex samba at abisoft.biz
Fri Jan 28 06:43:37 UTC 2022


>> It's not a problem with nslcd or anything like that. Something has
>> changed in 4.15 and I'd like to find out what and how to get things
>> back to work..

> You have correctly managed to work past the noise and deduced that if
> the client stays the same but the change in the server version gives a
> different result, that they server change is the issue.  

> (Yes, sometimes the fix is to change the client, eg change to NTLMv2
> because NTLM was disabled, but you get my point).

> A full .pcap file might be illuminating, as might just looking at the
> difference in the server logs, but skilled as I am, I can't parse
> Kerberos packets by eye.

I've just sent the pcaps to you directly.

> We did change some kerberos encryption ordering in 4.15, and fixed it
> in a later version, are you running the latest release?

[root at vm-dc4 samba]# git status
On branch v4-15-stable
Your branch is up to date with 'origin/v4-15-stable'.

nothing to commit, working tree clean
[root at vm-dc4 samba]# git rev-parse HEAD

> My feeling certainly is that the account has an AES key, and so Samba
> is expecting an AES encrypted enc-ts challenge, or at least your client
> is wanting to provide that but only has an RC4 key.

I tried to add other encryption algorithms but they don't work for some reason (even with Samba 4.14).

Please, let me know your findings after checking the pcaps.

Best regards,

More information about the samba mailing list