[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Kacper Wirski
kacper.wirski at gmail.com
Thu Feb 13 21:53:52 UTC 2025
It's definitely not that, I'm running a local PKI and the CA is distributed to
all stations, the new Win 11 24H2 has the root CA in the proper store (one of
the things I double checked), and the Samba AD DC servers use certificates
issued by this CA.
Do you have Windows 11 24H2 in Samba AD with no issues? Which Samba
version are you running?
Regards,
Kacper
On 13.02.2025 at 22:19, Luca Olivetti via samba wrote:
> On 13/2/25 at 19:43, Kacper Wirski via samba wrote:
>
>> I just want to add, that this week I introduced first windows 11 24h2
>> to AD - everything up to 23h2 is working fine - but windows 11 24h2
>> has some strange kerberos-related issues.
>>
>> I added pc to domain successfully and can log in, but I can't access
>> sysvol and netlogon and gpupdate fails. Automatic DNS update from the
>> workstation fails with insufficient rights (running bind on samba ad
>> dc) and one of my applications that uses kerberos to access ms sql
>> database also fails, so everything points to some kerberos
>> feature/change.
>
>
> The problem could be the certificate of the samba dc, if it's
> self-signed or signed by a local certificate authority.
> If you have in smb.conf
>
> tls enabled = yes
> tls keyfile = /path/to/your.dc.key
> tls certfile = /path/to/your.dc.crt
> tls cafile = /path/to/your.ca.crt
>
>
> try installing the ca certificate in your windows client.
> Alternatively you could get your dc certificate from letsencrypt but I
> didn't test that yet.
>
> Bye
>