[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Virgo Pärna
virgo.parna at mail.ee
Wed Jan 22 09:38:24 UTC 2025
On 22.01.2025 10:29, Georg Weickelt via samba wrote:
> this has also happened to us recently. However, the login of this user
> then worked on another computer and often also after a restart of the
> client.
I did have problem with Windows 10 computers for last few weeks, that
domain user could not log via remote desktop. But could log in directly
from console. And that was fixed by restart.
But did you also have NETLOGON errors on Event log?
> I suspect it is related to changes in Windows. Apparently, older RC4
> tickets are no longer supported. We have the same Samba version and I am
> sure that the newer Kerberos encryption types AES 128 or AES 256 are
> supported. Maybe you can check the following:
> In the user manager under ‘Account’: ‘This account supports Kerberos AES
> 128-bit encryption’ and ‘This account supports Kerberos AES 256-bit
> encryption’ - are they ticked?
Nothing is checked there for user account.
> Have the passwords perhaps not been changed for a long time?
After this started happening, I did try setting same password again for
user with smbpasswd in linux.
But that NETLOGON message in event log makes it look, like more generic
problem.
I thought of checking name resolution, but Windows nslookup seems to be
unable to resolve SRV records. But they seem to be ok. Windows nslookup
requiring ending name with dot caused some initial confusion.
--
Virgo Pärna
virgo.parna at mail.ee
More information about the samba
mailing list