[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Virgo Pärna
virgo.parna at mail.ee
Thu Jan 23 14:38:08 UTC 2025
It is quite possible, that NT_STATUS_TIME_DIFFERENCE_AT_DC is some kind
of red herring. I found thread from July, where it was suggested, that
"Samba seems to return it as an error code as a backstop".
I did add log level = 10 with custom IP based filename to get
additional logs. But it seems, that with
log level = 1 auth_audit:5@/var/log/samba/auth_audit.log
in main config... auth audit log goes still there.
One additional strange thing I did notice in that log, was, that Samba
seems to be using strange 0 datetime in logs... In data structures were
values like
creation_time : N jaan 23 08:26:52 2025 EET
expiration_time : N jaan 23 01:55:33 1975 MSK
(Default locale is et_EE locale... jaan - jan, N - Thu.)
I would assume, that this 50 years in past date is some kind of null
values.
Although, I do not think that there is actual time syncing issue.
Because I have backup script, that connects to read-only share at that
computer from linux with special backup user and it uses krb5
authentication to mount it. I would assume, that with wrong time that
would also not work.
--
Virgo Pärna
virgo.parna at mail.ee
More information about the samba
mailing list