[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Virgo Pärna
virgo.parna at mail.ee
Fri Jan 31 08:42:12 UTC 2025
On 30.01.2025 21:44, Rowland Penny via samba wrote:
>
> A post on reddit on a similar subject lead to this:
>
> https://learn.microsoft.com/en-us/answers/questions/2086759/insufficient-system-resources-exist-to-complete-th
>
> Perhaps it will help.
Interesting. Different error (I'm getting invalid username/password),
but is worth checking. PC does not have Bitlocker fortunately. And all
the VM-s I have tested are running in same Win 11 PC. I'll try clearing
TMP on next office day (currently working remotely).
Credential guard is not available, because it is not Windows 11
Enterprise (it is Pro). And re-enabling Core Protection did change
anything (had this disabled, because Smart Card reader drived does not
work with 24H2 otherwise).
And just changing algorithms allowed for Kerberos had no effect.
Strange thing was, that when I tested it Windows 11 22H2 test machine
(that I today upgraded to 23H2) and enabled debug log on Windows
NETLOGON service, then in that log it complained:
01/30 15:28:23 [ERROR] [1320] NlpStoreKeyInDS: Unable to get computer DN: 5
01/30 15:28:23 [ERROR] [1320] NlProvisionMachineAuthKey: Unable to store
auth key in DS: 5
01/30 15:28:23 [ERROR] [7044] NetpLdapBind: ldap_bind failed on
dc.domain: 49: Invalid Credentials
But using Wireshark to capture ldap traffic I did not see anything,
that would look like authentication failure for me.
--
Virgo Pärna
virgo.parna at mail.ee
More information about the samba
mailing list