[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Luca Olivetti
luca at wetron.es
Thu Feb 13 21:19:33 UTC 2025
On 13/2/25 at 19:43, Kacper Wirski via samba wrote:
> I just want to add, that this week I introduced first windows 11 24h2 to
> AD - everything up to 23h2 is working fine - but windows 11 24h2 has
> some strange kerberos-related issues.
>
> I added pc to domain successfully and can log in, but I can't access
> sysvol and netlogon and gpupdate fails. Automatic DNS update from the
> workstation fails with insufficient rights (running bind on samba ad dc)
> and one of my applications that uses kerberos to access ms sql database
> also fails, so everything points to some kerberos feature/change.
The problem could be the certificate of the samba dc, if it's
self-signed or signed by a local certificate authority.
If you have in smb.conf

    tls enabled = yes
    tls keyfile = /path/to/your.dc.key
    tls certfile = /path/to/your.dc.crt
    tls cafile = /path/to/your.ca.crt

try installing the ca certificate in your windows client.
Alternatively you could get your dc certificate from letsencrypt but I
didn't test that yet.
Bye
--
Luca Olivetti
Tel. +34 935883004 Ext. 3010
https://wetron.es
https://wecobots.com
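
Added example, not part of the original message and not Samba project code: a shell check, run on the DC, that reads the `tls certfile` and `tls cafile` paths from smb.conf and reports whether the DC certificate is self-signed or chains to that CA. The function names `smbconf_get` and `check_dc_tls` are hypothetical; it assumes absolute paths in smb.conf (as in the message above) and the `openssl` CLI on the DC.

```shell
#!/bin/sh
# Print the value of one [global] parameter from an smb.conf-style file.
# Samba ignores case and whitespace inside parameter names, so normalise both.
smbconf_get() {   # usage: smbconf_get FILE "tls certfile"
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]|\[|\]/, "", sect); next }
        sect == "global" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(key) == norm(want)) found = val    # last setting wins
        }
        END { if (found != "") print found }
    ' "$1"
}

# Report whether the DC certificate is self-signed or verifies against tls cafile.
check_dc_tls() {  # usage: check_dc_tls /etc/samba/smb.conf
    cert=$(smbconf_get "$1" 'tls certfile')
    ca=$(smbconf_get "$1" 'tls cafile')
    [ -r "$cert" ] || { echo "cannot read tls certfile: '$cert'"; return 2; }
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    openssl x509 -in "$cert" -noout -enddate           # expiry, for reference
    if [ "$subj" = "$iss" ]; then
        echo "self-signed: a client has to trust $cert itself"
    elif [ -r "$ca" ] && openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chains to $ca: this is the CA certificate to install on the client"
    else
        echo "does not verify against tls cafile '$ca'"; return 1
    fi
}

# Run the check only when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_dc_tls "$1"
fi
```
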