[Samba] NT_STATUS_DOWNGRADE_DETECTED
Anantha Raghava
raghav at exzatechconsulting.com
Tue May 2 09:36:44 UTC 2023
Hi,
We recently upgraded to Samba Version 4.18.1 from 4.15.6.
While adding new users to Vcenter console, new user addition is getting
refused. While assessing the problem we see a peculiar error in the log.
This was working properly earlier with 4.15.6
The error log shows as follows:
{"timestamp": "2023-05-02T11:13:08.478955+0530", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status":
"NT_STATUS_DOWNGRADE_DETECTED", "localAddress":
"ipv4:172.16.202.175:445", "remoteAddress": "ipv4:172.16.223.16:35096",
"serviceDescription": "NETLOGON", "authDescription":
"ServerAuthenticate", "clientDomain": "KTKBANKLTD", "clientAccount":
"KBLVCENT-TUZ6BW$", "workstation": null, "becameAccount": &quo
t;KBLVCENT-TUZ6BW$", "becameDomain": "KTKBANKLTD", "becameSid": null,
"mappedAccount": "KBLVCENT-TUZ6BW$", "mappedDomain": null, &quo
t;netlogonComputer": "KBLVCENT-TUZ6BW", "netlogonTrustAccount":
"KBLVCENT-TUZ6BW$", "netlogonNegotiateFlags": "0x6007FFFF",
"netlogonSecureChannelType": 2, "netlogonTrustAccountSid": null,
"passwordType": "HMAC-MD5"}}
Samba is installed on RHEL 8
our smb.conf shown below.
*smb.conf*
# Global parameters
[global]
netbios name = PDC
realm = KTKBANKLTD.COM
server role = active directory domain controller
workgroup = KTKBANKLTD
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = No
dns forwarder = x.x.x.x
allow dns updates = nonsecure
tls priority = NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2
log level = 3 auth_audit:0 auth_json_audit:3 dsdb_json_audit:5
log file = /var/log/samba/pdc.log
max log size = 1000000000
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/ktkbankltd.com/scripts
read only = No
Request someone to help us fix the issue.
--
Thanks & Regards,
Raghav
DISCLAIMER:
This e-mail communication and any attachments may be privileged and
confidential to Exzatech Consulting And Services Pvt. Ltd., Bangalore,
and are intended only for the use of the recipients named above If you
are not the addressee you may not copy, forward, disclose or use any
part of it. If you have received this message in error, please delete it
and all copies from your system and notify the sender immediately by
return e-mail. Internet communications cannot be guaranteed to be
timely, secure, error or virus-free. The sender does not accept
liability for any errors or omissions.
Do not print this e-mail unless required. Save Paper & trees.
More information about the samba
mailing list