[Samba] netlogon_creds_encrypt_samlogon_validation() failed - NT_STATUS_INVALID_INFO_CLASS

Mon Dec 18 08:08:21 UTC 2023

Hello, I found what is causing the error, it wasn't update related at all,
just a random coincidence of me looking at samba DC logs while using hyperv
feature of remote console to the updated VM.

Remote console to VM via windows 2016 hyperv host uses kerberos and even
though it's working, it floods DC log with this error, while using said
console.

I suppose I can rather safely ignore it then?

Regards,
Kacper

pon., 18 gru 2023, 01:51 użytkownik Andrew Bartlett <abartlet at samba.org>
napisał:

> On Sun, 2023-12-17 at 22:52 +0100, Kacper Wirski via samba wrote:
>
> *Hello,*
>
>
> *I'm running samba as AD DC on Debian 10, 3 DC's total, samba is from
>
> base debian repo
>
> *
>
>
> *Version 4.13.13-Debian
>
> *
>
>
> today on one of my DC's I started to see error such as this:
>
>
>
> *samba[2720697]: [2023/12/17 22:36:21.896597,  0]
>
> ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:1414(dcesrv_netr_LogonSamLogon_base_reply)
>
> samba[2720697]:   dcesrv_netr_LogonSamLogon_base_reply:
>
> netlogon_creds_encrypt_samlogon_validation() failed -
>
> NT_STATUS_INVALID_INFO_CLASS*
>
>
> *
>
> *
>
>
> *it started to appear after I moved my VM with samba file server between
>
> 2 hyper-v hosts. In my samba DC log, before this error appears, I see:*
>
>
> *samba[2720714]:   Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
>
> [(null)]\[SRV6$@MYDOMAIN] at [Sun, 17 Dec 2023 22:36:21.851537 CET] with
>
> [arcfour-hmac-md5] status [NT_STATUS_OK] workstation [(null)] remote
>
> host [ipv4:192.1 etc.
>
> samba[2720714]:   {"timestamp": "2023-12-17T22:36:21.851719+0100",
>
> "type": "Authentication", "Authentication": {"version": {"major": 1,
>
> "minor": 2}, "eventId": 4624, "logonId": "b204a5992394b4e1",
>
> "logonType": 3, "status": "NT_STATUS_OK", etc.
>
> *
>
>
> *VM itself was updated (centos 7.9 running samba from repo i.e. Version
>
> 4.10.16)
>
> *
>
>
> This is the more important detail than the host migration.   Samba 4.11 included this commit:
>
>
> commit 8c9cf56fe9865029bf033557b00e8987873a7096
>
> Author: Andreas Schneider <asn at samba.org>
>
> Date:   Wed May 29 14:39:34 2019 +0200
>
>
>     libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check()
>
>         Signed-off-by: Andreas Schneider <asn at samba.org>
>
>     Reviewed-by: Andrew Bartlett <abartlet at samba.org>
>
>
> The code now says:
>
>
> 	default:
>
> 		/* If we can't find it, we can't very well decrypt it */
>
> 		return NT_STATUS_INVALID_INFO_CLASS;
>
>
> The server is sending back some data that we don't know how to handle.
>
>
> More details may be available at higher debug levels, but it gets overwhelming fast and can contain sensitive info.
>
>
> Andrew Bartlett
>
>
> --
>
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead                https://catalyst.net.nz/services/samba
> Catalyst.Net Ltd
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions
>