[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in

Virgo Pärna virgo.parna at mail.ee
Thu Jan 23 14:38:08 UTC 2025


	It is quite possible, that NT_STATUS_TIME_DIFFERENCE_AT_DC is some kind 
of red herring. I found thread from July, where it was suggested, that 
"Samba seems to return it as an error code as a backstop".
	I did add log level = 10 with custom IP based filename to get 
additional logs. But it seems, that with
log level = 1 auth_audit:5@/var/log/samba/auth_audit.log
in main config... auth audit log goes still there.

	One additional strange thing I did notice in that log, was, that Samba 
seems to be using strange 0 datetime in logs... In data structures were 
values like
creation_time   : N jaan  23 08:26:52 2025 EET
expiration_time : N jaan  23 01:55:33 1975 MSK
(Default locale is et_EE locale... jaan - jan, N - Thu.)

I would assume, that this 50 years in past date is some kind of null 
values.

	Although, I do not think that there is actual time syncing issue. 
Because I have backup script, that connects to read-only share at that 
computer from linux with special backup user and it uses krb5 
authentication to mount it. I would assume, that with wrong time that 
would also not work.

	

-- 
Virgo Pärna
virgo.parna at mail.ee



More information about the samba mailing list