[Samba] issue joining domain and now logging in

Diego Franchini diego.tartol at gmail.com
Wed Oct 12 18:21:59 UTC 2022


This is an extract from my post on Super User and Server Fault. It was
suggested that I seek help here too.

I'm constantly trying new solutions, literally anything I can find online,
but to this day nothing has completely fixed it.


*DISCLAIMER:*
I'm still trying to fully learn and understand how to properly maintain a
samba domain controller.

*The Problem:*

I had a working Samba installation with an AD controller but now, just a month
after my last computer join, it won't work anymore. On Windows it says
"unknown user or password" but I've checked them to be correct.

I tried setting the log level to 3 in "smb.conf" and while trying to join a
computer this gets logged:

[2022/10/04 12:11:58.018256,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50124 for
krbtgt/example.net at example.net
[2022/10/04 12:11:58.039839,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 128
[2022/10/04 12:11:58.040080,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- admuser at example.net
[2022/10/04 12:11:58.040191,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
[2022/10/04 12:11:58.040341,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- admuser at example.net
[2022/10/04 12:11:58.043598,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/04 12:11:58.054880,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50125 for
krbtgt/example.net at example.net
[2022/10/04 12:11:58.076255,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/04 12:11:58.076483,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- admuser at example.net
[2022/10/04 12:11:58.076587,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
[2022/10/04 12:11:58.077527,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- admuser at example.net
using aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.077840,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[admuser at example.net] at [Tue, 04 Oct 2022 12:11:58.077747
CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
[(null)] remote host [ipv4:172.27.2.58:50125] became
[EXAMPLE]\[admuser] [S-1-5-21-578677625-3635414378-1858279571-1104].
local host [NULL]
  {"timestamp": "2022-10-04T12:11:58.086113+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "c61be2b0d84a3e12", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:172.27.2.58:50125", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "admuser at example.net", "workstation": null,
"becameAccount": "admuser", "becameDomain": "EXAMPLE", "becameSid":
"S-1-5-21-578677625-3635414378-1858279571-1104", "mappedAccount":
"admuser", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "aes256-cts-hmac-sha1-96", "duration": 31663}}
[2022/10/04 12:11:58.160727,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2022-10-04T12:11:58 starttime: unset
endtime: 2022-10-04T22:11:58 renew till: 2022-10-11T12:11:58
[2022/10/04 12:11:58.161033,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.161206,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/04 12:11:58.165799,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/04 12:11:58.178036,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/04 12:11:58.178282,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.58:50126

As you can see, the authentication here is reported to be successful. So
far it's the same issue as here
<https://www.claudiokuenzler.com/blog/1065/windows-client-unable-join-domain-samba-4-domain-controller-logon-failure-unknown-user-name>,
so I tried the following commands:

 root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
    _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
 root at SMBDC1:~# host -t SRV _kerebros._udp.example.net
    Host _kerebros._udp.example.net not found: 3(NXDOMAIN)
 root at SMBDC1:~# host -t A focal.exapmle.net
    Host focal.example.net not found: 3(NXDOMAIN)

 root at SMBDC1:~# dig -t SRV _kerebros._udp.frankini.net

    ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV _kerebros._udp.frankini.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 138
    ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;_kerebros._udp.frankini.net.   IN      SRV

    ;; AUTHORITY SECTION:
    frankini.net.           3600    IN      SOA
    smbdc1.frankini.net. hostmaster.        frankini.net. 55 900 600 86400 3600

    ;; Query time: 3 msec
    ;; SERVER: 172.27.1.1#53(172.27.1.1)
    ;; WHEN: Fri Oct 07 21:44:12 CEST 2022
    ;; MSG SIZE  rcvd: 99

This originally worked but now I get "*Host not found*"... what could have
changed?

*My setup*

router:     172.27.0.1
smbdc:      172.27.1.1
dns:        172.27.1.2

dhcp range: 172.27.2.2 - 172.27.2.254

Samba runs on an Orange Pi Zero and I connect to it through Putty and FileZilla

I route communication between the xxx.xxx.0.xxx, xxx.xxx.1.xxx and
xxx.xxx.2.xxx ip ranges and set the network mask to be 255.255.0.0

*System*

 OS:    Armbian 22.05.3 Focal with Linux 5.15.48-sunxi
 SAMBA: Samba version 4.13.17-Ubuntu

*smb.conf*

# Global parameters
[global]
    dns forwarder = 172.27.1.2
    netbios name = SMBDC1
    realm = EXAMPLE.NET
    server role = active directory domain controller
    workgroup = EXAMPLE
    idmap_ldb:use rfc2307 = yes
    host msdfs = yes
    log level = 3

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[netlogon]
    path = /var/lib/samba/sysvol/example.net/scripts
    read only = No

*UPDATE:*

I made an image of the disk as a backup, then did a bunch of tests with no
success. So I finally reverted the image to the disk as it was, and now
suddenly these commands work:

root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
    _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
root at SMBDC1:~# host -t SRV _kerberos._udp.example.net
    _kerberos._udp.example.net has SRV record 0 100 88 smbdc1.example.net.
root at SMBDC1:~# host -t A SMBDC1.example.net
    SMBDC1.example.net has address 172.27.1.4

So the situation now is as follows:

I added the computer "*TESTING-W11*" to the domain with my domain admin
user, not with 'administrator'. It works only if I do "user at example.net"
and not "user", which used to work before. And if someone asks, yes, I also
tried with administrator and it only works as "administrator at example.com".

After the computer rebooted I tried to log in, but it says wrong user or
password.

This is the log file of the login attempt:

[2022/10/12 19:39:25.980185,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50574 for
krbtgt/EXAMPLE at EXAMPLE
[2022/10/12 19:39:26.008882,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 128
[2022/10/12 19:39:26.009229,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
[2022/10/12 19:39:26.009433,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
[2022/10/12 19:39:26.009709,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at EXAMPLE
[2022/10/12 19:39:26.013190,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.024021,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50575 for
krbtgt/EXAMPLE at EXAMPLE
[2022/10/12 19:39:26.051743,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/12 19:39:26.052093,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
[2022/10/12 19:39:26.052302,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
[2022/10/12 19:39:26.052948,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE using
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.053349,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\
[user2 at EXAMPLE] at [Wed, 12 Oct 2022 19:39:26.053205 CEST] with
[aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)]
remote host [ipv4:172.27.2.26:50575] became [EXAMPLE]\[user2]
[S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
  {"timestamp": "2022-10-12T19:39:26.053767+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "d3433331ec6a5bf7", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:172.27.2.26:50575", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "user2 at EXAMPLE", "workstation": null,
"becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
"S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
"user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "aes256-cts-hmac-sha1-96", "duration": 30203}}
[2022/10/12 19:39:26.089947,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
[2022/10/12 19:39:26.090338,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.090474,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/12 19:39:26.097520,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.106943,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.107170,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50576
[2022/10/12 19:39:26.110456,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.114239,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50577 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.127198,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 128
[2022/10/12 19:39:26.127410,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.127580,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.127768,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.130816,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.140450,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50578 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.152897,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/12 19:39:26.153102,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.153210,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.153583,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
using aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.153816,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.153732
CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
[(null)] remote host [ipv4:172.27.2.26:50578] became [EXAMPLE]\[user2]
[S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
  {"timestamp": "2022-10-12T19:39:26.154039+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "869dfe1fc68f82a8", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:172.27.2.26:50578", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
"becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
"S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
"user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "aes256-cts-hmac-sha1-96", "duration": 13913}}
[2022/10/12 19:39:26.182189,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
[2022/10/12 19:39:26.182483,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.182612,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/12 19:39:26.187831,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.197162,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.197385,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50579
[2022/10/12 19:39:26.202216,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.206268,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50580 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.218896,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 128
[2022/10/12 19:39:26.219112,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.219220,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.219367,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.226212,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.236585,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50581 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.249060,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/12 19:39:26.249272,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.249377,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.249842,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
using aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.250084,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.250002
CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
[(null)] remote host [ipv4:172.27.2.26:50581] became [EXAMPLE]\[user2]
[S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
  {"timestamp": "2022-10-12T19:39:26.250309+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "b111aea5f91526ac", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:172.27.2.26:50581", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
"becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
"S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
"user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "aes256-cts-hmac-sha1-96", "duration": 13999}}
[2022/10/12 19:39:26.278425,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
[2022/10/12 19:39:26.278721,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.278850,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/12 19:39:26.284069,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.293333,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.293567,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50582
[2022/10/12 19:39:26.297119,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.301280,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50583 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.314043,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 128
[2022/10/12 19:39:26.314253,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.314361,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.314507,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.317995,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.328064,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50584 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
[2022/10/12 19:39:26.340620,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 128
[2022/10/12 19:39:26.340832,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.340934,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
[2022/10/12 19:39:26.341304,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
using aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.341534,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.341453
CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
[(null)] remote host [ipv4:172.27.2.26:50584] became [EXAMPLE]\[user2]
[S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
  {"timestamp": "2022-10-12T19:39:26.341761+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "4baa7d35daccf446", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
"ipv4:172.27.2.26:50584", "serviceDescription": "Kerberos KDC",
"authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
"clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
"becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
"S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
"user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "aes256-cts-hmac-sha1-96", "duration": 13987}}
[2022/10/12 19:39:26.369985,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
[2022/10/12 19:39:26.370274,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.370405,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: renewable-ok, canonicalize, renewable, forwardable
[2022/10/12 19:39:26.375775,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
[2022/10/12 19:39:26.385121,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.385343,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50585
[2022/10/12 19:39:26.388686,  3]
../../source4/smbd/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection -
'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'

Is there something wrong in the log file?


Thank you,

Diego
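
The Kerberos stages visible in a level-3 KDC log like the one above can be tallied per client address, which shows at a glance whether a client got past pre-authentication and where its requests were rejected. This is an added example, not part of the original post; it runs on a constructed sample, and the principals, addresses and the helper names `records`, `summarize` and `stage` are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the mail-wrapped level-3 KDC log; values are made up.
SAMPLE_LOG = r"""
[2022/10/12 19:39:26.024021,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ alice@EXAMPLE.NET from ipv4:192.0.2.26:50575 for
krbtgt/EXAMPLE.NET@EXAMPLE.NET
[2022/10/12 19:39:26.053349,  3]
../../auth/auth_log.c:635(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[alice@EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.053205
CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
[(null)] remote host [ipv4:192.0.2.26:50575] became [EXAMPLE]\[alice]
[2022/10/12 19:39:26.106943,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to verify authenticator checksum: Decrypt integrity
check failed for checksum type rsa-md5, key type
aes256-cts-hmac-sha1-96
[2022/10/12 19:39:26.107170,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed parsing TGS-REQ from ipv4:192.0.2.26:50576
[2022/10/12 19:40:01.000100,  3]
../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ bob at EXAMPLE.NET from ipv4:192.0.2.40:51000 for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
"""

HEADER = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+,\s+\d+\]")
# "@" may appear as " at " when the log was copied from a list archive.
AS_REQ = re.compile(r"Kerberos: AS-REQ (\S+?)(?:@| at )(\S+) from ipv4:([\d.]+):\d+")
AUTH_OK = re.compile(r"Auth: \[Kerberos KDC,ENC-TS Pre-authentication\].*?status \[NT_STATUS_OK\].*?remote host \[ipv4:([\d.]+):\d+\]")
CKSUM = re.compile(r"Failed to verify authenticator checksum: (.+?) for checksum type ([\w-]+), key type ([\w-]+)")
TGS_FAIL = re.compile(r"Failed parsing TGS-REQ from ipv4:([\d.]+):\d+")


def records(text):
    """Yield one string per log record, with wrapped continuation lines re-joined."""
    cur = None
    for line in text.splitlines():
        if HEADER.match(line):
            if cur is not None:
                yield " ".join(cur)
            cur = []
        elif cur is not None:
            cur.append(line.strip())
    if cur is not None:
        yield " ".join(cur)


def summarize(text):
    """Group KDC events by client IP and count how far each client got."""
    clients = defaultdict(lambda: {"principals": set(), "as_req": 0,
                                   "preauth_ok": 0, "tgs_failed": 0, "tgs_reasons": set()})
    pending_reason = None  # the checksum error is logged just before the TGS-REQ line
    for rec in records(text):
        if m := AS_REQ.search(rec):
            c = clients[m.group(3)]
            c["as_req"] += 1
            c["principals"].add(f"{m.group(1)}@{m.group(2)}")
        elif m := AUTH_OK.search(rec):
            clients[m.group(1)]["preauth_ok"] += 1
        elif m := CKSUM.search(rec):
            pending_reason = f"{m.group(1)} (checksum {m.group(2)}, key {m.group(3)})"
        elif m := TGS_FAIL.search(rec):
            c = clients[m.group(1)]
            c["tgs_failed"] += 1
            if pending_reason:
                c["tgs_reasons"].add(pending_reason)
            pending_reason = None
    return dict(clients)


def stage(c):
    """Name the last Kerberos stage the client reached, from its counters."""
    if c["tgs_failed"]:
        return "AS exchange OK, TGS-REQ rejected" if c["preauth_ok"] else "TGS-REQ rejected"
    return "AS exchange OK" if c["preauth_ok"] else "AS-REQ seen, no successful pre-authentication"


if __name__ == "__main__":
    for ip, c in summarize(SAMPLE_LOG).items():
        print(ip, sorted(c["principals"]), stage(c), sorted(c["tgs_reasons"]))
```

The checksum error line carries no client address, so the script attaches it to the next `Failed parsing TGS-REQ` record; on a busy KDC with interleaved clients that pairing is an approximation.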

