[Samba] issue joining domain and now logging in
Andrew Bartlett
abartlet at samba.org
Thu Oct 13 00:48:12 UTC 2022
Yes, you will need to find a third-party packager or speak with your
vendor.
I do hope to release patches to address this issue in the older
version, not as a Samba.org release (Samba.org is no longer supporting
this version), but thanks to my employer's commercial customers and to
support the community, who we know can't move as fast as we would like.
In the meantime accept the bugzilla invite I've just sent you and CC
yourself to the bug for updates.
Andrew Bartlett
On Thu, 2022-10-13 at 01:12 +0200, Diego Franchini via samba wrote:
> don't mind the misspells.
> The issue is another one now...
>
> Thanks to @abarlet at samba.org <abarlet at samba.org> I was able to find an old
> 21h2 windows 11 PC and add it to the domain perfectly, indeed confirming
> the issue to be this one here
> <https://bugzilla.samba.org/show_bug.cgi?id=15197>.
>
> I tried to update the software but the latest version I'm able to install
> is "Samba 4.15.9-Ubuntu" on "Armbian 22.08.4 Jammy with Linux
> 5.15.72-sunxi".
>
> How can I upgrade to Samba 4.16, do I just have to wait for an update in
> some future? Am I doomed?
>
> Il giorno mer 12 ott 2022 alle ore 20:54 Rowland Penny via samba <
> samba at lists.samba.org> ha scritto:
>
> >
> >
> > On 12/10/2022 19:21, Diego Franchini via samba wrote:
> > > this is an extract from my post on superuser and serverfault. I've been
> > > suggested to seek help here too.
> > >
> > > I'm constantly trying new solutions, literally anything I can find
> > online,
> > > but to this day nothing has completely fixed it.
> > >
> > >
> > > *DISCLAMER:*
> > > I'm still trying to fully learn and understand how to properly maintain a
> > > samba domain controller.
> > >
> > > *The Problem:*
> > >
> > > I had a working samba installation with AD controlle but now, just a
> > month
> > > after my last computer join, it won't work anymore. On Windows it says
> > > "unknown user or password" but I've checked them to be correct.
> > >
> > > I tried setting the log level to 3 in "smb.conf" and while trying to
> > join a
> > > computer this gets logged:
> > >
> > > [2022/10/04 12:11:58.018256, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50124 for
> > > krbtgt/example.net at example.net
> > > [2022/10/04 12:11:58.039839, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: 128
> > > [2022/10/04 12:11:58.040080, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- admuser at example.net
> > > [2022/10/04 12:11:58.040191, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
> > > [2022/10/04 12:11:58.040341, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > admuser at example.net
> > > [2022/10/04 12:11:58.043598, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/04 12:11:58.054880, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50125 for
> > > krbtgt/example.net at example.net
> > > [2022/10/04 12:11:58.076255, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > > [2022/10/04 12:11:58.076483, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- admuser at example.net
> > > [2022/10/04 12:11:58.076587, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
> > > [2022/10/04 12:11:58.077527, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: ENC-TS Pre-authentication succeeded -- admuser at example.net
> > > using aes256-cts-hmac-sha1-96
> > > [2022/10/04 12:11:58.077840, 3]
> > > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > > [(null)]\[admuser at example.net] at [Tue, 04 Oct 2022 12:11:58.077747
> > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> > > [(null)] remote host [ipv4:172.27.2.58:50125] became
> > > [EXAMPLE]\[admuser] [S-1-5-21-578677625-3635414378-1858279571-1104].
> > > local host [NULL]
> > > {"timestamp": "2022-10-04T12:11:58.086113+0200", "type":
> > > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > > 2}, "eventId": 4624, "logonId": "c61be2b0d84a3e12", "logonType": 3,
> > > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > > "ipv4:172.27.2.58:50125", "serviceDescription": "Kerberos KDC",
> > > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > > "clientAccount": "admuser at example.net", "workstation": null,
> > > "becameAccount": "admuser", "becameDomain": "EXAMPLE", "becameSid":
> > > "S-1-5-21-578677625-3635414378-1858279571-1104", "mappedAccount":
> > > "admuser", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > > "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
> > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
> > > "passwordType": "aes256-cts-hmac-sha1-96", "duration": 31663}}
> > > [2022/10/04 12:11:58.160727, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ authtime: 2022-10-04T12:11:58 starttime: unset
> > > endtime: 2022-10-04T22:11:58 renew till: 2022-10-11T12:11:58
> > > [2022/10/04 12:11:58.161033, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > > [2022/10/04 12:11:58.161206, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
> > forwardable
> > > [2022/10/04 12:11:58.165799, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/04 12:11:58.178036, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> > > check failed for checksum type rsa-md5, key type
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/04 12:11:58.178282, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.58:50126
> > >
> > > As you can see, the authentication here is reported to be successful.
> >
> > Yes, the authentication for admuser is successful, but unless you have
> > changed the Administrator name to 'admuser', the join will not work,
> > have you tried a join with 'Administrator' ?
> >
> > So
> > > far it's the same issue as here
> > > <
> > https://www.claudiokuenzler.com/blog/1065/windows-client-unable-join-domain-samba-4-domain-controller-logon-failure-unknown-user-name
> > > ,
> > > so I tried the following commands:
> > >
> > > root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> > > _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
> > > root at SMBDC1:~# host -t SRV _kerebros._udp.example.net
> >
> > Is that exactly what you typed ? If so, for the third time, it is
> > 'kerberos' not 'kerebros'.
> >
> > > Host _kerebros._udp.example.net not found: 3(NXDOMAIN)
> > > root at SMBDC1:~# host -t A focal.exapmle.net
> >
> > 'example' not 'exapmle'
> >
> >
> > > Host focal.example.net not found: 3(NXDOMAIN)
> > >
> > > root at SMBDC1:~# dig -t SRV _kerebros._udp.frankini.net
> > >
> > > ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV _kerebros._udp.frankini.net
> >
> > 'kerebros' again.
> >
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 138
> > > ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
> > ADDITIONAL: 0
> > >
> > > ;; QUESTION SECTION:
> > > ;_kerebros._udp.frankini.net. IN SRV
> > >
> > > ;; AUTHORITY SECTION:
> > > frankini.net. 3600 IN SOA
> > > smbdc1.frankini.net. hostmaster. frankini.net. 55 900 600
> > 86400 3600
> > >
> > > ;; Query time: 3 msec
> > > ;; SERVER: 172.27.1.1#53(172.27.1.1)
> > > ;; WHEN: Fri Oct 07 21:44:12 CEST 2022
> > > ;; MSG SIZE rcvd: 99
> > >
> > > This originally worked but now i get "*Host not found*"... what could
> > have
> > > changed?
> > >
> > > *My setup*
> > >
> > > router: 172.27.0.1
> > > smbdc: 172.27.1.1
> > > dns: 172.27.1.2
> > >
> > > dhcp range: 172.27.2.2 - 172.27.2.254
> > >
> > > Samba runs on an Orange Pi Zero and I connect to it through Putty and
> > FileZilla
> > >
> > > I route communication between the xxx.xxx.0.xxx, xxx.xxx.1.xxx and
> > > xxx.xxx.2.xxx ip ranges and set the network mask to be 255.255.0.0
> > >
> > > *System*
> > >
> > > OS: Armbian 22.05.3 Focal with Linux 5.15.48-sunxi
> > > SAMBA: Samba version 4.13.17-Ubuntu
> > >
> > > *smb.conf*
> > >
> > > # Global parameters
> > > [global]
> > > dns forwarder = 172.27.1.2
> > > netbios name = SMBDC1
> > > realm = EXAMPLE.NET <http://example.net/>
> > > server role = active directory domain controller
> > > workgroup = EXAMPLE
> > > idmap_ldb:use rfc2307 = yes
> > > host msdfs = yes
> > > log level = 3
> > >
> > > [sysvol]
> > > path = /var/lib/samba/sysvol
> > > read only = No
> > >
> > > [netlogon]
> > > path = /var/lib/samba/sysvol/example.net/scripts
> > > read only = No
> > >
> > > *UPDATE:*
> > >
> > > I made an image of the disk as a backup, then did a bunch of tests with
> > no
> > > success. so I finally reverted the image to the disk as it was, and now
> > > suddenly these commands work:
> > >
> > > root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> > > _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
> > > root at SMBDC1:~# host -t SRV _kerberos._udp.example.net
> > > _kerberos._udp.example.net has SRV record 0 100 88
> > smbdc1.example.net.
> >
> > How can something that is spelt wrong work ?
> >
> > Rowland
> >
> > > root at SMBDC1:~# host -t A SMBDC1.example.net <http://smbdc1.example.net/>
> > > SMBDC1.example.net <http://smbdc1.example.net/> has address
> > 172.27.1.4
> > >
> > > So the situation now is as follows:
> > >
> > > I added the computer "*TESTING-W11*" to the domain with my domain admin
> > > user, not with 'administrator'. It works only if i do "user at example.net"
> > > and not "user", which used to work before. and if someone asks, yes I
> > also
> > > tried with administrator and it only work as "administrator at example.com"
> > >
> > > after the computer rebooted I tried to login but it says wrong user or
> > > password.
> > >
> > > this is the log file of login attempt:
> > >
> > > [2022/10/12 19:39:25.980185, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50574 for
> > > krbtgt/EXAMPLE at EXAMPLE
> > > [2022/10/12 19:39:26.008882, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: 128
> > > [2022/10/12 19:39:26.009229, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> > > [2022/10/12 19:39:26.009433, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> > > [2022/10/12 19:39:26.009709, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > user2 at EXAMPLE
> > > [2022/10/12 19:39:26.013190, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.024021, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50575 for
> > > krbtgt/EXAMPLE at EXAMPLE
> > > [2022/10/12 19:39:26.051743, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > > [2022/10/12 19:39:26.052093, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> > > [2022/10/12 19:39:26.052302, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> > > [2022/10/12 19:39:26.052948, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE using
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.053349, 3]
> > > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\
> > > [user2 at EXAMPLE] at [Wed, 12 Oct 2022 19:39:26.053205 CEST] with
> > > [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)]
> > > remote host [ipv4:172.27.2.26:50575] became [EXAMPLE]\[user2]
> > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> > > {"timestamp": "2022-10-12T19:39:26.053767+0200", "type":
> > > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > > 2}, "eventId": 4624, "logonId": "d3433331ec6a5bf7", "logonType": 3,
> > > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > > "ipv4:172.27.2.26:50575", "serviceDescription": "Kerberos KDC",
> > > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > > "clientAccount": "user2 at EXAMPLE", "workstation": null,
> > > "becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
> > > "S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
> > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > > "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
> > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
> > > "passwordType": "aes256-cts-hmac-sha1-96", "duration": 30203}}
> > > [2022/10/12 19:39:26.089947, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > > [2022/10/12 19:39:26.090338, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.090474, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
> > forwardable
> > > [2022/10/12 19:39:26.097520, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.106943, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> > > check failed for checksum type rsa-md5, key type
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.107170, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50576
> > > [2022/10/12 19:39:26.110456, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.114239, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50577 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.127198, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: 128
> > > [2022/10/12 19:39:26.127410, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.127580, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.127768, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.130816, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.140450, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50578 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.152897, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > > [2022/10/12 19:39:26.153102, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.153210, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.153583, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> > > using aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.153816, 3]
> > > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.153732
> > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> > > [(null)] remote host [ipv4:172.27.2.26:50578] became [EXAMPLE]\[user2]
> > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> > > {"timestamp": "2022-10-12T19:39:26.154039+0200", "type":
> > > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > > 2}, "eventId": 4624, "logonId": "869dfe1fc68f82a8", "logonType": 3,
> > > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > > "ipv4:172.27.2.26:50578", "serviceDescription": "Kerberos KDC",
> > > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > > "becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
> > > "S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
> > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > > "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
> > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
> > > "passwordType": "aes256-cts-hmac-sha1-96", "duration": 13913}}
> > > [2022/10/12 19:39:26.182189, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > > [2022/10/12 19:39:26.182483, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.182612, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
> > forwardable
> > > [2022/10/12 19:39:26.187831, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.197162, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> > > check failed for checksum type rsa-md5, key type
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.197385, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50579
> > > [2022/10/12 19:39:26.202216, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.206268, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50580 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.218896, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: 128
> > > [2022/10/12 19:39:26.219112, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.219220, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.219367, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.226212, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.236585, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50581 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.249060, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > > [2022/10/12 19:39:26.249272, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.249377, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.249842, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> > > using aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.250084, 3]
> > > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.250002
> > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> > > [(null)] remote host [ipv4:172.27.2.26:50581] became [EXAMPLE]\[user2]
> > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> > > {"timestamp": "2022-10-12T19:39:26.250309+0200", "type":
> > > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > > 2}, "eventId": 4624, "logonId": "b111aea5f91526ac", "logonType": 3,
> > > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > > "ipv4:172.27.2.26:50581", "serviceDescription": "Kerberos KDC",
> > > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > > "becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
> > > "S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
> > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > > "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
> > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
> > > "passwordType": "aes256-cts-hmac-sha1-96", "duration": 13999}}
> > > [2022/10/12 19:39:26.278425, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > > [2022/10/12 19:39:26.278721, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.278850, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
> > forwardable
> > > [2022/10/12 19:39:26.284069, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.293333, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> > > check failed for checksum type rsa-md5, key type
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.293567, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50582
> > > [2022/10/12 19:39:26.297119, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.301280, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50583 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.314043, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: 128
> > > [2022/10/12 19:39:26.314253, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.314361, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.314507, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.317995, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.328064, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50584 for
> > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > > [2022/10/12 19:39:26.340620, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client sent patypes: encrypted-timestamp, 128
> > > [2022/10/12 19:39:26.340832, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.340934, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > > [2022/10/12 19:39:26.341304, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> > > using aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.341534, 3]
> > > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > > Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.341453
> > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> > > [(null)] remote host [ipv4:172.27.2.26:50584] became [EXAMPLE]\[user2]
> > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> > > {"timestamp": "2022-10-12T19:39:26.341761+0200", "type":
> > > "Authentication", "Authentication": {"version": {"major": 1, "minor":
> > > 2}, "eventId": 4624, "logonId": "4baa7d35daccf446", "logonType": 3,
> > > "status": "NT_STATUS_OK", "localAddress": null, "remoteAddress":
> > > "ipv4:172.27.2.26:50584", "serviceDescription": "Kerberos KDC",
> > > "authDescription": "ENC-TS Pre-authentication", "clientDomain": null,
> > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > > "becameAccount": "user2", "becameDomain": "EXAMPLE", "becameSid":
> > > "S-1-5-21-578677625-3635414378-1858279571-1105", "mappedAccount":
> > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > > "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
> > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
> > > "passwordType": "aes256-cts-hmac-sha1-96", "duration": 13987}}
> > > [2022/10/12 19:39:26.369985, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > > [2022/10/12 19:39:26.370274, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.370405, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
> > forwardable
> > > [2022/10/12 19:39:26.375775, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > > [2022/10/12 19:39:26.385121, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> > > check failed for checksum type rsa-md5, key type
> > > aes256-cts-hmac-sha1-96
> > > [2022/10/12 19:39:26.385343, 3]
> > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> > > Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50585
> > > [2022/10/12 19:39:26.388686, 3]
> > > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > > stream_terminate_connection: Terminating connection -
> > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > > NT_STATUS_CONNECTION_DISCONNECTED'
> > >
> > > is there something wrong in the log file?
> > >
> > >
> > > Thank you,
> > >
> > > Diego
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba
mailing list