[Samba] Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue
Dr. Nicola Mingotti
nmingotti at gmail.com
Mon Oct 17 14:58:17 UTC 2022
Thank you a lot for reporting this in the mailing list.
I also found this horrible issue putting a new Win-11 laptop in the
Samba domain and lost hours in anger trying to make it work.
Windows as usual reports silly/useless error messages. In the Samba logs I
found a suspicious line, and googling that I was able to find a blog
where the thing is discussed (and on Reddit).
Then finally I see the message here, and I am more confident the info is
I would recommend putting a clearly visible link on the Samba web homepage
when this kind of issue emerges.
Even if it is Microsoft who broke things and it is not a Samba bug, we
proud Samba users/admins will suffer, so better to warn us before we
bang our head against the wall for hours, if possible ;)
On 10/3/22 11:15, Denis CARDON via samba wrote:
> Hi everyone,
> we had a call last week from a client with a win11 workstation that
> upgraded to 22H2 and couldn't authenticate to their Samba-AD 4.15
> There are a few related posts on Reddit and it seems to be linked
> to this issue in Heimdal. Upgrading to Samba 4.16 fixed the issue,
> probably due to the integration of Heimdal-8.0pre.
> The issue is due to a timestamp in the TGS-REQ which is set to the max
> value in the Microsoft Kerberos client instead of the usual 2038 timestamp
> (till=99990913024805Z), and Microsoft says it is by the specs and
> won't be changed.
> I didn't find any Samba bugzilla entry for this bug, which is going
> to get widespread quite fast as Microsoft starts force-feeding this
> upgrade on unsuspecting end users. I can create a bugzilla entry if
> there is none yet.
> There is only one supported version that is impacted (4.15), but there
> should at least be more communication to encourage people to upgrade
> before being bitten by this issue.
>  https://github.com/heimdal/heimdal/issues/1011
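
Added example, not part of either poster's message and not Samba or Heimdal code: a strict parser for the KerberosTime format of the `till` value quoted above, which shows how far `99990913024805Z` lies beyond a signed 32-bit `time_t` and how the requested end time is reduced to a policy limit. The 32-bit check is an illustrative assumption about how a decoder might store the value, not a statement of where the Heimdal decoder failed; `now`, `max_life` and the second sample value are constructed.

```python
import calendar
import re

INT32_MAX = 2**31 - 1  # largest second count a signed 32-bit time_t can hold

# RFC 4120 KerberosTime: GeneralizedTime in UTC, no fractional seconds.
_KERBEROS_TIME = re.compile(r"(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z")


def parse_kerberos_time(text):
    """Return seconds since the Unix epoch for a KerberosTime string."""
    m = _KERBEROS_TIME.fullmatch(text)
    if m is None:
        raise ValueError(f"not a KerberosTime: {text!r}")
    year, month, day, hour, minute, second = map(int, m.groups())
    if not (year >= 1 and 1 <= month <= 12
            and 1 <= day <= calendar.monthrange(year, month)[1]
            and hour <= 23 and minute <= 59 and second <= 59):
        raise ValueError(f"field out of range: {text!r}")
    # timegm works on Python integers, so year 9999 cannot overflow here.
    return calendar.timegm((year, month, day, hour, minute, second))


def fits_time32(epoch):
    """True if the value survives storage in a signed 32-bit time_t."""
    return -2**31 <= epoch <= INT32_MAX


def effective_endtime(till_text, now, max_life):
    """Earlier of the requested till and now + max_life (policy limit)."""
    return min(parse_kerberos_time(till_text), now + max_life)


def audit(till_values, now, max_life):
    """Classify each requested till value for a log or capture review."""
    report = []
    for text in till_values:
        epoch = parse_kerberos_time(text)
        report.append((text, epoch, fits_time32(epoch),
                       effective_endtime(text, now, max_life)))
    return report


if __name__ == "__main__":
    # Constructed sample: the value quoted in the thread and a pre-2038 one.
    sample = ["99990913024805Z", "20370913024805Z"]
    for row in audit(sample, now=1665000000, max_life=10 * 3600):
        print(row)
```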