[Samba] issue joining domain and now logging in

Andrew Bartlett abartlet at samba.org
Thu Oct 13 06:01:03 UTC 2022


Backup/restore is for catastrophic failures:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
However as your current DC is working, you can just join a new DC on
the new host and transfer the FSMO roles.
Andrew Bartlett
On Thu, 2022-10-13 at 07:54 +0200, Diego Franchini wrote:
> I tried to look and it seems a bit out of my league from what I can
> gather on my own...
> 
> 
> I think my best bet is to install Armbian Sid instead of Focal, which
> would be based on Debian Sid as I understand, which would be the only
> OS to have an official Samba 4.16.5 package available according to
> this (https://pkgs.org/download/samba).
> 
> The problem now is different then.
> I have backed up my original AD DC to a file using "sudo samba-tool
> domain backup offline --targetdir=<output-dir>".
> If I do a clean install, how will I restore it?
> I tried with "samba-tool domain backup restore" while experimenting,
> but it crashed in between...
> 
> Couldn't find much detailed information online on restoring a backup.
> Do I need a domain already setup, do i need to restore it before
> configuring samba after a fresh install?
> Perhaps I just searched with the wrong keywords?
> 
> 
> On Thu, 13 Oct 2022, 02:49 Andrew Bartlett, <abartlet at samba.org>
> wrote:
> > Yes, you will need to find a third-party packager or speak with
> > your
> > 
> > vendor.  
> > 
> > 
> > 
> > I do hope to release patches to address this issue in the older
> > 
> > version, not as a Samba.org release (Samba.org is no longer
> > supporting
> > 
> > this version), but thanks to my employer's commercial customers and
> > to
> > 
> > support the community, who we know can't move as fast as we would
> > like.
> > 
> > 
> > 
> > In the meantime accept the bugzilla invite I've just sent you and
> > CC
> > 
> > yourself to the bug for updates. 
> > 
> > 
> > 
> > Andrew Bartlett
> > 
> > 
> > 
> > On Thu, 2022-10-13 at 01:12 +0200, Diego Franchini via samba wrote:
> > 
> > > don't mind the misspells.
> > 
> > > The issue is another one now...
> > 
> > > 
> > 
> > > Thanks to @abarlet at samba.org <abarlet at samba.org> I was able to
> > find an old
> > 
> > > 21h2 windows 11 PC and add it to the domain perfectly, indeed
> > confirming
> > 
> > > the issue to be this one here
> > 
> > > <https://bugzilla.samba.org/show_bug.cgi?id=15197>;.
> > 
> > > 
> > 
> > > I tried to update the software but the latest version I'm able to
> > install
> > 
> > > is "Samba 4.15.9-Ubuntu" on "Armbian 22.08.4 Jammy with Linux
> > 
> > > 5.15.72-sunxi".
> > 
> > > 
> > 
> > > How can I upgrade to Samba 4.16, do I just have to wait for an
> > update in
> > 
> > > some future? Am I doomed?
> > 
> > > 
> > 
> > > Il giorno mer 12 ott 2022 alle ore 20:54 Rowland Penny via samba
> > <
> > 
> > > samba at lists.samba.org> ha scritto:
> > 
> > > 
> > 
> > > > 
> > 
> > > > 
> > 
> > > > On 12/10/2022 19:21, Diego Franchini via samba wrote:
> > 
> > > > > this is an extract from my post on superuser and serverfault.
> > I've been
> > 
> > > > > suggested to seek help here too.
> > 
> > > > > 
> > 
> > > > > I'm constantly trying new solutions, literally anything I can
> > find
> > 
> > > > online,
> > 
> > > > > but to this day nothing has completely fixed it.
> > 
> > > > > 
> > 
> > > > > 
> > 
> > > > > *DISCLAMER:*
> > 
> > > > > I'm still trying to fully learn and understand how to
> > properly maintain a
> > 
> > > > > samba domain controller.
> > 
> > > > > 
> > 
> > > > > *The Problem:*
> > 
> > > > > 
> > 
> > > > > I had a working samba installation with AD controlle but now,
> > just a
> > 
> > > > month
> > 
> > > > > after my last computer join, it won't work anymore. On
> > Windows it says
> > 
> > > > > "unknown user or password" but I've checked them to be
> > correct.
> > 
> > > > > 
> > 
> > > > > I tried setting the log level to 3 in "smb.conf" and while
> > trying to
> > 
> > > > join a
> > 
> > > > > computer this gets logged:
> > 
> > > > > 
> > 
> > > > > [2022/10/04 12:11:58.018256,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ admuser at example.net from
> > ipv4:172.27.2.58:50124 for
> > 
> > > > > krbtgt/example.net at example.net
> > 
> > > > > [2022/10/04 12:11:58.039839,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: 128
> > 
> > > > > [2022/10/04 12:11:58.040080,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- 
> > admuser at example.net
> > 
> > > > > [2022/10/04 12:11:58.040191,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- 
> > admuser at example.net
> > 
> > > > > [2022/10/04 12:11:58.040341,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > 
> > > > admuser at example.net
> > 
> > > > > [2022/10/04 12:11:58.043598,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/04 12:11:58.054880,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ admuser at example.net from
> > ipv4:172.27.2.58:50125 for
> > 
> > > > > krbtgt/example.net at example.net
> > 
> > > > > [2022/10/04 12:11:58.076255,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: encrypted-timestamp, 128
> > 
> > > > > [2022/10/04 12:11:58.076483,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- 
> > admuser at example.net
> > 
> > > > > [2022/10/04 12:11:58.076587,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- 
> > admuser at example.net
> > 
> > > > > [2022/10/04 12:11:58.077527,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: ENC-TS Pre-authentication succeeded -- 
> > admuser at example.net
> > 
> > > > > using aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/04 12:11:58.077840,  3]
> > 
> > > > >
> > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > 
> > > > >    Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > 
> > > > > [(null)]\[admuser at example.net] at [Tue, 04 Oct 2022
> > 12:11:58.077747
> > 
> > > > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK]
> > workstation
> > 
> > > > > [(null)] remote host [ipv4:172.27.2.58:50125] became
> > 
> > > > > [EXAMPLE]\[admuser] [S-1-5-21-578677625-3635414378-
> > 1858279571-1104].
> > 
> > > > > local host [NULL]
> > 
> > > > >    {"timestamp": "2022-10-04T12:11:58.086113+0200", "type":
> > 
> > > > > "Authentication", "Authentication": {"version": {"major": 1,
> > "minor":
> > 
> > > > > 2}, "eventId": 4624, "logonId": "c61be2b0d84a3e12",
> > "logonType": 3,
> > 
> > > > > "status": "NT_STATUS_OK", "localAddress": null,
> > "remoteAddress":
> > 
> > > > > "ipv4:172.27.2.58:50125", "serviceDescription": "Kerberos
> > KDC",
> > 
> > > > > "authDescription": "ENC-TS Pre-authentication",
> > "clientDomain": null,
> > 
> > > > > "clientAccount": "admuser at example.net", "workstation": null,
> > 
> > > > > "becameAccount": "admuser", "becameDomain": "EXAMPLE",
> > "becameSid":
> > 
> > > > > "S-1-5-21-578677625-3635414378-1858279571-1104",
> > "mappedAccount":
> > 
> > > > > "admuser", "mappedDomain": "EXAMPLE", "netlogonComputer":
> > null,
> > 
> > > > > "netlogonTrustAccount": null, "netlogonNegotiateFlags":
> > "0x00000000",
> > 
> > > > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
> > null,
> > 
> > > > > "passwordType": "aes256-cts-hmac-sha1-96", "duration":
> > 31663}}
> > 
> > > > > [2022/10/04 12:11:58.160727,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ authtime: 2022-10-04T12:11:58 starttime:
> > unset
> > 
> > > > > endtime: 2022-10-04T22:11:58 renew till: 2022-10-11T12:11:58
> > 
> > > > > [2022/10/04 12:11:58.161033,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-
> > 96,
> > 
> > > > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > 
> > > > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/04 12:11:58.161206,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Requested flags: renewable-ok, canonicalize,
> > renewable,
> > 
> > > > forwardable
> > 
> > > > > [2022/10/04 12:11:58.165799,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/04 12:11:58.178036,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed to verify authenticator checksum: Decrypt
> > integrity
> > 
> > > > > check failed for checksum type rsa-md5, key type
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/04 12:11:58.178282,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed parsing TGS-REQ from
> > ipv4:172.27.2.58:50126
> > 
> > > > > 
> > 
> > > > > As you can see, the authentication here is reported to be
> > successful.
> > 
> > > > 
> > 
> > > > Yes, the authentication for admuser is successful, but unless
> > you have
> > 
> > > > changed the Administrator name to 'admuser', the join will not
> > work,
> > 
> > > > have you tried a join with 'Administrator' ?
> > 
> > > > 
> > 
> > > > So
> > 
> > > > > far it's the same issue as here
> > 
> > > > > <
> > 
> > > > 
> > https://www.claudiokuenzler.com/blog/1065/windows-client-unable-join-domain-samba-4-domain-controller-logon-failure-unknown-user-name
> > 
> > > > > ,
> > 
> > > > > so I tried the following commands:
> > 
> > > > > 
> > 
> > > > >   root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> > 
> > > > >      _ldap._tcp.example.net has SRV record 0 100 389
> > smbdc1.example.net.
> > 
> > > > >   root at SMBDC1:~# host -t SRV _kerebros._udp.example.net
> > 
> > > > 
> > 
> > > > Is that exactly what you typed ? If so, for the third time, it
> > is
> > 
> > > > 'kerberos' not 'kerebros'.
> > 
> > > > 
> > 
> > > > >      Host _kerebros._udp.example.net not found: 3(NXDOMAIN)
> > 
> > > > >   root at SMBDC1:~# host -t A focal.exapmle.net
> > 
> > > > 
> > 
> > > > 'example' not 'exapmle'
> > 
> > > > 
> > 
> > > > 
> > 
> > > > >      Host focal.example.net not found: 3(NXDOMAIN)
> > 
> > > > > 
> > 
> > > > >   root at SMBDC1:~# dig -t SRV _kerebros._udp.frankini.net
> > 
> > > > > 
> > 
> > > > >      ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV
> > _kerebros._udp.frankini.net
> > 
> > > > 
> > 
> > > > 'kerebros' again.
> > 
> > > > 
> > 
> > > > >      ;; global options: +cmd
> > 
> > > > >      ;; Got answer:
> > 
> > > > >      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 138
> > 
> > > > >      ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0,
> > AUTHORITY: 1,
> > 
> > > > ADDITIONAL: 0
> > 
> > > > > 
> > 
> > > > >      ;; QUESTION SECTION:
> > 
> > > > >      ;_kerebros._udp.frankini.net.   IN      SRV
> > 
> > > > > 
> > 
> > > > >      ;; AUTHORITY SECTION:
> > 
> > > > >      frankini.net.           3600    IN      SOA
> > 
> > > > >      smbdc1.frankini.net. hostmaster.        frankini.net. 55
> > 900 600
> > 
> > > > 86400 3600
> > 
> > > > > 
> > 
> > > > >      ;; Query time: 3 msec
> > 
> > > > >      ;; SERVER: 172.27.1.1#53(172.27.1.1)
> > 
> > > > >      ;; WHEN: Fri Oct 07 21:44:12 CEST 2022
> > 
> > > > >      ;; MSG SIZE  rcvd: 99
> > 
> > > > > 
> > 
> > > > > This originally worked but now i get "*Host not found*"...
> > what could
> > 
> > > > have
> > 
> > > > > changed?
> > 
> > > > > 
> > 
> > > > > *My setup*
> > 
> > > > > 
> > 
> > > > > router:     172.27.0.1
> > 
> > > > > smbdc:      172.27.1.1
> > 
> > > > > dns:        172.27.1.2
> > 
> > > > > 
> > 
> > > > > dhcp range: 172.27.2.2 - 172.27.2.254
> > 
> > > > > 
> > 
> > > > > Samba runs on an Orange Pi Zero and I connect to it through
> > Putty and
> > 
> > > > FileZilla
> > 
> > > > > 
> > 
> > > > > I route communication between the xxx.xxx.0.xxx,
> > xxx.xxx.1.xxx and
> > 
> > > > > xxx.xxx.2.xxx ip ranges and set the network mask to be
> > 255.255.0.0
> > 
> > > > > 
> > 
> > > > > *System*
> > 
> > > > > 
> > 
> > > > >   OS:    Armbian 22.05.3 Focal with Linux 5.15.48-sunxi
> > 
> > > > >   SAMBA: Samba version 4.13.17-Ubuntu
> > 
> > > > > 
> > 
> > > > > *smb.conf*
> > 
> > > > > 
> > 
> > > > > # Global parameters
> > 
> > > > > [global]
> > 
> > > > >      dns forwarder = 172.27.1.2
> > 
> > > > >      netbios name = SMBDC1
> > 
> > > > >      realm = EXAMPLE.NET <http://example.net/>
> > 
> > > > >      server role = active directory domain controller
> > 
> > > > >      workgroup = EXAMPLE
> > 
> > > > >      idmap_ldb:use rfc2307 = yes
> > 
> > > > >      host msdfs = yes
> > 
> > > > >      log level = 3
> > 
> > > > > 
> > 
> > > > > [sysvol]
> > 
> > > > >      path = /var/lib/samba/sysvol
> > 
> > > > >      read only = No
> > 
> > > > > 
> > 
> > > > > [netlogon]
> > 
> > > > >      path = /var/lib/samba/sysvol/example.net/scripts
> > 
> > > > >      read only = No
> > 
> > > > > 
> > 
> > > > > *UPDATE:*
> > 
> > > > > 
> > 
> > > > > I made an image of the disk as a backup, then did a bunch of
> > tests with
> > 
> > > > no
> > 
> > > > > success. so I finally reverted the image to the disk as it
> > was, and now
> > 
> > > > > suddenly these commands work:
> > 
> > > > > 
> > 
> > > > > root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> > 
> > > > >      _ldap._tcp.example.net has SRV record 0 100 389
> > smbdc1.example.net.
> > 
> > > > > root at SMBDC1:~# host -t SRV _kerberos._udp.example.net
> > 
> > > > >      _kerberos._udp.example.net has SRV record 0 100 88
> > 
> > > > smbdc1.example.net.
> > 
> > > > 
> > 
> > > > How can something that is spelt wrong work ?
> > 
> > > > 
> > 
> > > > Rowland
> > 
> > > > 
> > 
> > > > > root at SMBDC1:~# host -t A SMBDC1.example.net <
> > http://smbdc1.example.net/>
> > 
> > > > >      SMBDC1.example.net <http://smbdc1.example.net/> has
> > address
> > 
> > > > 172.27.1.4
> > 
> > > > > 
> > 
> > > > > So the situation now is as follows:
> > 
> > > > > 
> > 
> > > > > I added the computer "*TESTING-W11*" to the domain with my
> > domain admin
> > 
> > > > > user, not with 'administrator'. It works only if i do "
> > user at example.net"
> > 
> > > > > and not "user", which used to work before. and if someone
> > asks, yes I
> > 
> > > > also
> > 
> > > > > tried with administrator and it only work as "
> > administrator at example.com"
> > 
> > > > > 
> > 
> > > > > after the computer rebooted I tried to login but it says
> > wrong user or
> > 
> > > > > password.
> > 
> > > > > 
> > 
> > > > > this is the log file of login attempt:
> > 
> > > > > 
> > 
> > > > > [2022/10/12 19:39:25.980185,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50574
> > for
> > 
> > > > > krbtgt/EXAMPLE at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.008882,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: 128
> > 
> > > > > [2022/10/12 19:39:26.009229,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.009433,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.009709,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > 
> > > > user2 at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.013190,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.024021,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50575
> > for
> > 
> > > > > krbtgt/EXAMPLE at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.051743,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: encrypted-timestamp, 128
> > 
> > > > > [2022/10/12 19:39:26.052093,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.052302,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> > 
> > > > > [2022/10/12 19:39:26.052948,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: ENC-TS Pre-authentication succeeded -- 
> > user2 at EXAMPLE using
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.053349,  3]
> > 
> > > > >
> > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > 
> > > > >    Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > [(null)]\
> > 
> > > > > [user2 at EXAMPLE] at [Wed, 12 Oct 2022 19:39:26.053205 CEST]
> > with
> > 
> > > > > [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> > [(null)]
> > 
> > > > > remote host [ipv4:172.27.2.26:50575] became [EXAMPLE]\[user2]
> > 
> > > > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host
> > [NULL]
> > 
> > > > >    {"timestamp": "2022-10-12T19:39:26.053767+0200", "type":
> > 
> > > > > "Authentication", "Authentication": {"version": {"major": 1,
> > "minor":
> > 
> > > > > 2}, "eventId": 4624, "logonId": "d3433331ec6a5bf7",
> > "logonType": 3,
> > 
> > > > > "status": "NT_STATUS_OK", "localAddress": null,
> > "remoteAddress":
> > 
> > > > > "ipv4:172.27.2.26:50575", "serviceDescription": "Kerberos
> > KDC",
> > 
> > > > > "authDescription": "ENC-TS Pre-authentication",
> > "clientDomain": null,
> > 
> > > > > "clientAccount": "user2 at EXAMPLE", "workstation": null,
> > 
> > > > > "becameAccount": "user2", "becameDomain": "EXAMPLE",
> > "becameSid":
> > 
> > > > > "S-1-5-21-578677625-3635414378-1858279571-1105",
> > "mappedAccount":
> > 
> > > > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > 
> > > > > "netlogonTrustAccount": null, "netlogonNegotiateFlags":
> > "0x00000000",
> > 
> > > > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
> > null,
> > 
> > > > > "passwordType": "aes256-cts-hmac-sha1-96", "duration":
> > 30203}}
> > 
> > > > > [2022/10/12 19:39:26.089947,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime:
> > unset
> > 
> > > > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > 
> > > > > [2022/10/12 19:39:26.090338,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-
> > 96,
> > 
> > > > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > 
> > > > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.090474,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Requested flags: renewable-ok, canonicalize,
> > renewable,
> > 
> > > > forwardable
> > 
> > > > > [2022/10/12 19:39:26.097520,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.106943,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed to verify authenticator checksum: Decrypt
> > integrity
> > 
> > > > > check failed for checksum type rsa-md5, key type
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.107170,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed parsing TGS-REQ from
> > ipv4:172.27.2.26:50576
> > 
> > > > > [2022/10/12 19:39:26.110456,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.114239,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50577 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.127198,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: 128
> > 
> > > > > [2022/10/12 19:39:26.127410,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.127580,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.127768,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > 
> > > > user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.130816,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.140450,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50578 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.152897,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: encrypted-timestamp, 128
> > 
> > > > > [2022/10/12 19:39:26.153102,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.153210,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.153583,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: ENC-TS Pre-authentication succeeded -- 
> > user2 at EXAMPLE.NET
> > 
> > > > > using aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.153816,  3]
> > 
> > > > >
> > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > 
> > > > >    Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > 
> > > > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022
> > 19:39:26.153732
> > 
> > > > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK]
> > workstation
> > 
> > > > > [(null)] remote host [ipv4:172.27.2.26:50578] became
> > [EXAMPLE]\[user2]
> > 
> > > > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host
> > [NULL]
> > 
> > > > >    {"timestamp": "2022-10-12T19:39:26.154039+0200", "type":
> > 
> > > > > "Authentication", "Authentication": {"version": {"major": 1,
> > "minor":
> > 
> > > > > 2}, "eventId": 4624, "logonId": "869dfe1fc68f82a8",
> > "logonType": 3,
> > 
> > > > > "status": "NT_STATUS_OK", "localAddress": null,
> > "remoteAddress":
> > 
> > > > > "ipv4:172.27.2.26:50578", "serviceDescription": "Kerberos
> > KDC",
> > 
> > > > > "authDescription": "ENC-TS Pre-authentication",
> > "clientDomain": null,
> > 
> > > > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > 
> > > > > "becameAccount": "user2", "becameDomain": "EXAMPLE",
> > "becameSid":
> > 
> > > > > "S-1-5-21-578677625-3635414378-1858279571-1105",
> > "mappedAccount":
> > 
> > > > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > 
> > > > > "netlogonTrustAccount": null, "netlogonNegotiateFlags":
> > "0x00000000",
> > 
> > > > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
> > null,
> > 
> > > > > "passwordType": "aes256-cts-hmac-sha1-96", "duration":
> > 13913}}
> > 
> > > > > [2022/10/12 19:39:26.182189,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime:
> > unset
> > 
> > > > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > 
> > > > > [2022/10/12 19:39:26.182483,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-
> > 96,
> > 
> > > > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > 
> > > > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.182612,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Requested flags: renewable-ok, canonicalize,
> > renewable,
> > 
> > > > forwardable
> > 
> > > > > [2022/10/12 19:39:26.187831,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.197162,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed to verify authenticator checksum: Decrypt
> > integrity
> > 
> > > > > check failed for checksum type rsa-md5, key type
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.197385,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed parsing TGS-REQ from
> > ipv4:172.27.2.26:50579
> > 
> > > > > [2022/10/12 19:39:26.202216,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.206268,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50580 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.218896,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: 128
> > 
> > > > > [2022/10/12 19:39:26.219112,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.219220,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.219367,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > 
> > > > user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.226212,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.236585,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50581 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.249060,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: encrypted-timestamp, 128
> > 
> > > > > [2022/10/12 19:39:26.249272,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.249377,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.249842,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: ENC-TS Pre-authentication succeeded -- 
> > user2 at EXAMPLE.NET
> > 
> > > > > using aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.250084,  3]
> > 
> > > > >
> > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > 
> > > > >    Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > 
> > > > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022
> > 19:39:26.250002
> > 
> > > > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK]
> > workstation
> > 
> > > > > [(null)] remote host [ipv4:172.27.2.26:50581] became
> > [EXAMPLE]\[user2]
> > 
> > > > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host
> > [NULL]
> > 
> > > > >    {"timestamp": "2022-10-12T19:39:26.250309+0200", "type":
> > 
> > > > > "Authentication", "Authentication": {"version": {"major": 1,
> > "minor":
> > 
> > > > > 2}, "eventId": 4624, "logonId": "b111aea5f91526ac",
> > "logonType": 3,
> > 
> > > > > "status": "NT_STATUS_OK", "localAddress": null,
> > "remoteAddress":
> > 
> > > > > "ipv4:172.27.2.26:50581", "serviceDescription": "Kerberos
> > KDC",
> > 
> > > > > "authDescription": "ENC-TS Pre-authentication",
> > "clientDomain": null,
> > 
> > > > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > 
> > > > > "becameAccount": "user2", "becameDomain": "EXAMPLE",
> > "becameSid":
> > 
> > > > > "S-1-5-21-578677625-3635414378-1858279571-1105",
> > "mappedAccount":
> > 
> > > > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > 
> > > > > "netlogonTrustAccount": null, "netlogonNegotiateFlags":
> > "0x00000000",
> > 
> > > > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
> > null,
> > 
> > > > > "passwordType": "aes256-cts-hmac-sha1-96", "duration":
> > 13999}}
> > 
> > > > > [2022/10/12 19:39:26.278425,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime:
> > unset
> > 
> > > > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > 
> > > > > [2022/10/12 19:39:26.278721,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-
> > 96,
> > 
> > > > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > 
> > > > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.278850,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Requested flags: renewable-ok, canonicalize,
> > renewable,
> > 
> > > > forwardable
> > 
> > > > > [2022/10/12 19:39:26.284069,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.293333,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed to verify authenticator checksum: Decrypt
> > integrity
> > 
> > > > > check failed for checksum type rsa-md5, key type
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.293567,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed parsing TGS-REQ from
> > ipv4:172.27.2.26:50582
> > 
> > > > > [2022/10/12 19:39:26.297119,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.301280,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50583 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.314043,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: 128
> > 
> > > > > [2022/10/12 19:39:26.314253,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.314361,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.314507,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: No preauth found, returning PREAUTH-REQUIRED --
> > 
> > > > user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.317995,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.328064,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ user2 at EXAMPLE.NET from
> > ipv4:172.27.2.26:50584 for
> > 
> > > > > krbtgt/EXAMPLE.NET at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.340620,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client sent patypes: encrypted-timestamp, 128
> > 
> > > > > [2022/10/12 19:39:26.340832,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.340934,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> > 
> > > > > [2022/10/12 19:39:26.341304,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: ENC-TS Pre-authentication succeeded -- 
> > user2 at EXAMPLE.NET
> > 
> > > > > using aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.341534,  3]
> > 
> > > > >
> > ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> > 
> > > > >    Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> > 
> > > > > [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022
> > 19:39:26.341453
> > 
> > > > > CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK]
> > workstation
> > 
> > > > > [(null)] remote host [ipv4:172.27.2.26:50584] became
> > [EXAMPLE]\[user2]
> > 
> > > > > [S-1-5-21-578677625-3635414378-1858279571-1105]. local host
> > [NULL]
> > 
> > > > >    {"timestamp": "2022-10-12T19:39:26.341761+0200", "type":
> > 
> > > > > "Authentication", "Authentication": {"version": {"major": 1,
> > "minor":
> > 
> > > > > 2}, "eventId": 4624, "logonId": "4baa7d35daccf446",
> > "logonType": 3,
> > 
> > > > > "status": "NT_STATUS_OK", "localAddress": null,
> > "remoteAddress":
> > 
> > > > > "ipv4:172.27.2.26:50584", "serviceDescription": "Kerberos
> > KDC",
> > 
> > > > > "authDescription": "ENC-TS Pre-authentication",
> > "clientDomain": null,
> > 
> > > > > "clientAccount": "user2 at EXAMPLE.NET", "workstation": null,
> > 
> > > > > "becameAccount": "user2", "becameDomain": "EXAMPLE",
> > "becameSid":
> > 
> > > > > "S-1-5-21-578677625-3635414378-1858279571-1105",
> > "mappedAccount":
> > 
> > > > > "user2", "mappedDomain": "EXAMPLE", "netlogonComputer": null,
> > 
> > > > > "netlogonTrustAccount": null, "netlogonNegotiateFlags":
> > "0x00000000",
> > 
> > > > > "netlogonSecureChannelType": 0, "netlogonTrustAccountSid":
> > null,
> > 
> > > > > "passwordType": "aes256-cts-hmac-sha1-96", "duration":
> > 13987}}
> > 
> > > > > [2022/10/12 19:39:26.369985,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime:
> > unset
> > 
> > > > > endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> > 
> > > > > [2022/10/12 19:39:26.370274,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-
> > 96,
> > 
> > > > > aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> > 
> > > > > aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.370405,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Requested flags: renewable-ok, canonicalize,
> > renewable,
> > 
> > > > forwardable
> > 
> > > > > [2022/10/12 19:39:26.375775,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > [2022/10/12 19:39:26.385121,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed to verify authenticator checksum: Decrypt
> > integrity
> > 
> > > > > check failed for checksum type rsa-md5, key type
> > 
> > > > > aes256-cts-hmac-sha1-96
> > 
> > > > > [2022/10/12 19:39:26.385343,  3]
> > 
> > > > > 
> > 
> > > >
> > ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_w
> > rapper)
> > 
> > > > >    Kerberos: Failed parsing TGS-REQ from
> > ipv4:172.27.2.26:50585
> > 
> > > > > [2022/10/12 19:39:26.388686,  3]
> > 
> > > > >
> > ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> > 
> > > > >    stream_terminate_connection: Terminating connection -
> > 
> > > > > 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > 
> > > > > NT_STATUS_CONNECTION_DISCONNECTED'
> > 
> > > > > 
> > 
> > > > > is there something wrong in the log file?
> > 
> > > > > 
> > 
> > > > > 
> > 
> > > > > Thank you,
> > 
> > > > > 
> > 
> > > > > Diego
> > 
> > > > 
> > 
> > > > --
> > 
> > > > To unsubscribe from this list go to the following URL and read
> > the
> > 
> > > > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > > > 
> > 
> > 
> > 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open SourceSolutions


More information about the samba mailing list