[Samba] Perplexing problem
Ray Klassen
ray.klassen at icloud.com
Wed Nov 1 15:45:02 UTC 2023
Sorry. Forgot to mention that. Chrony now installed and configured on all DC's per the samba wiki. appears to be working. On Nov. 1, 2023, at 12:07 a.m., Peter Milesson via samba <samba at lists.samba.org> wrote: On 31.10.2023 21:45, Ray Klassen via samba wrote: 4 DC's Samba version 4.19.2 compiled from tarball on Debian 12.2 (have run this way always up to date tarballs for maybe 15 years. Wkstations: Windows 10 up dated to latest security patches About a week and half ago, workstations started fail on login with "Incorrect Password" until restarted, sometimes several times after which no problem for maybe a few days. (not sure about this, just don't seem to get calls right the next day on the same PC.) Remote Desktop also behaves peculiarly when workstation is in this state -- a successful connection may actually get the user to a log in screen they can't get past. Normally Remote Desktop will drop the connection if the password fails. This looks like the connection to the machine is successful, but the windows session connection fails. If network cable is unplugged the PC logs in fine, using the locally cached password hash. Log level 255 for an affected PC doesn't look that promising. The only thing that looks suspicious are exchanges wh ere there's some sort of authentication and the workstation presents its IP address as its name. Wireshark traffic of the failing login (decoded by use of a DC keytab) reveals a bunch of successful requests and responses. No glaring errors. Investigation reveals that dynamic DNS updates are not working. I reset allow dns update to 'nonsecure' -- no difference. Could this be the cause? Recent changes to the system: Upgrade to samba 4.19.2 from 4.19.1 raise domain/forest funtional level from 2003 to 2008_r2 (in preparation for Entra Cloud software. Better than AD Connect?) Windows service packs? Any ideas/pointers appreciated... Hi Ray, Clock synchronization? If you have got ntpsec on the DCs, that wont work. Must use Chrony. Best regards, Peter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list