[Samba] Persistent event 4625 on RDP login

[Philippe Clérié]

Good day all,

About a month ago I was installing Java 8u341 on a workstation attached to
a Samba AD domain, using my usual domain administrator account via RDP. I
also let Windows install some already downloaded updates, then I rebooted.
On reboot, I could no longer log in with an existing non-administrator
domain account authorized for RDP. Machine local accounts (admin) could now
login remotely. The user at the computer had no such problem and could use
her domain account as usual. Event 4625 is associated with the failed login
event.

(By the way, the Java install and the updates are included because that's
what I was doing at the time. I'm not implying anything, particularly since
the other two computers I worked on that day had no such issues).

I did what one does with Windows. First I confirmed that both the user and
the domain admin accounts could login directly. Then, in sequence:


- Reboot
- Restart Samba AD
- Check/clear cached credentials
- Drop the machine from the domain and rejoin

At some point the domain administrator also stopped being able to RDP to
the machine.

For different reasons I was unable to get back to the issue and since I had
no complaints, and no resolution the situation is still unresolved.


Google has not been very helpful. So I'm hoping to get some clues from the
pros...

Software:

- VM based on LXD 5.15
- Ubuntu 22.04 (GNU/Linux 5.15.0-78-generic x86_64)
- Samba 4.15 (2:4.15.13+dfsg-0ubuntu1.3)

Samba is the only thing running on the VM. File sharing is different VM.

Thanks in advance

Best

Philippe


The trouble with common sense is that it is so uncommon.
<Anonymous>