[Samba] Fwd: **[EXTERNAL]**Re: **[EXTERNAL]**Re: Samba rejecting authentication from Windows machines

[Kees van Vloten]

Okay so the issue with the RSAT-VM really came from this Security update 
so this is solved, thanks again!

The issue with the trust still exists and it doesn't seem to have 
anything to do with the recent update.

Some additional info: When trying to validate the trust from the 
Samba-Domain to the Windows-Domain while using the RSAT-VM I get the 
following error:

The secure channel (SC) reset on Active Directory Domain Controller 
dc01.domain1.tld of domain domain1.tld to domain domain2.tld failed with 
error: We can't sign you in with this credential because your domain 
isn't available. Make sure your device is connected to your 
organization's network and try again. If you previously signed in on 
this device with another credential, you can sign in with that credential.

And again: This issue already appeared before the newest 
MS-Securityupdates. It just vanished by itself before after a few hours.

Kind regards

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Kees van Vloten 
via samba
Sent: Thursday, 20 July 2023 16:54
To: samba at lists.samba.org
Subject: **[EXTERNAL]**Re: [Samba] **[EXTERNAL]**Re: Samba rejecting 
authentication from Windows machines


On 20-07-2023 16:50, Kothe Patrik via samba wrote:
> Thanks for the info. I'm going to uninstall this update on the RSAT-VM to see if anything changes.
Be aware that MS fixed a 132 vulnerabilities, among which 6 zero-days.
> Although I have to add, this doesn't really match with the Trust problem since it was one week before this MS-patch, that somebody already reported the current issue. The only difference is, that back then the issue just disappeared by itself after a few hours. That's why we couldn't investigate it earlier.
>
> Kind regards
> Patrik
>
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny
> via samba
> Sent: Thursday, 20 July 2023 16:24
> To: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Subject: **[EXTERNAL]**Re: [Samba] Samba rejecting authentication from
> Windows machines
>
>
>
> On 20/07/2023 15:02, Kothe Patrik via samba wrote:
>> What version of Samba are the DCs running and on what OS ?
>>            --> They're still running on 4.13.17 and Debian 10 since that's the pre-packed version we started with and didn't dare to upgrade so far.
>> Was anything updated on any of the machines ? If so, what ?
>>            --> No. We had our monthly maintenance window but there
>> were no upgrades to the Samba DCs This could be more fall out from Microsoft's last update
>>            --> What do you mean with this? I haven't read anything in this direction while searching for the issue.
>>
> On the 7th July, Microsoft released a large update, KB5028166 (this also seems to have different identities on different Windows versions), after the update there were numerous Samba problems, mostly to do with trusts and authentication. an interim patch was quickly produced and this seems to have mitigated the problem.
>
> I would suggest that upgrading Samba is probably your next step, but you will probably have to upgrade to bullseye or bookworm.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
> https://list/
> s.samba.org%2Fmailman%2Foptions%2Fsamba&data=05%7C01%7Cpatrik.kothe%40
> nanotronic.ch%7C7d1b9438192c46f0a0bd08db89316797%7Cffe233f31cf44956b8a
> d4c6b98cf898e%7C0%7C0%7C638254617502547870%7CUnknown%7CTWFpbGZsb3d8eyJ
> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000
> %7C%7C%7C&sdata=boSumfvZywfa9jWe3R4P8trWhLW1wib69Z%2BBiET679I%3D&reser
> ved=0

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba