yabko
2016-Oct-17 19:42 UTC
[Samba] samba 4.5.0 strange windows 10 issue | incorrect password
i'm having intermittent issues with windows 10 clients (dont have win7/xp) on the network. i frequently get users being unable to login even when they put correct credentials. when that happens wbinfo --authenticate user completes successfully on the controller (just one on the network), same with authenticating webmail/intranet against PDC works. time is in sync. sometimes rebooting the PC helps it and they're able to login. is there anyone experiencing similar issue ? it seems to be happening on the client side only if the PDC itself works. happened today. users password was expired and win10 prompted for change. user changed it and win said change successful. when user tried to sign in it said password incorrect. rebooted and user was able to get in. wbinfo was successfully authenticating before reboot with the new password. -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-5-0-strange-windows-10-issue-incorrect-password-tp4709799.html Sent from the Samba - General mailing list archive at Nabble.com.
Rowland Penny
2016-Oct-17 20:14 UTC
[Samba] samba 4.5.0 strange windows 10 issue | incorrect password
On Mon, 17 Oct 2016 12:42:39 -0700 (PDT) yabko via samba <samba at lists.samba.org> wrote:> i'm having intermittent issues with windows 10 clients (dont have > win7/xp) on the network. i frequently get users being unable to login > even when they put correct credentials. when that happens wbinfo > --authenticate user completes successfully on the controller (just > one on the network), same with authenticating webmail/intranet > against PDC works. time is in sync. sometimes rebooting the PC helps > it and they're able to login. is there anyone experiencing similar > issue ? it seems to be happening on the client side only if the PDC > itself works. > > happened today. users password was expired and win10 prompted for > change. user changed it and win said change successful. when user > tried to sign in it said password incorrect. rebooted and user was > able to get in. wbinfo was successfully authenticating before reboot > with the new password. >Can you please post more info, what OS, how are you running Samba, I know you mention a 'PDC', but is this an NT4-style domain or is it really an AD DC ? Can you post your smb.conf ? Rowland
yabko
2016-Oct-17 20:51 UTC
[Samba] samba 4.5.0 strange windows 10 issue | incorrect password
hi server role is server role = active directory domain controller i googled the error and it says that there could be two computer accounts of the same name i pulled this from the event log The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server 50wks19$. The target name used was 50WKS19$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (WMPNY.LAN) is different from the client domain (WMPNY.LAN), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. but checking DNS/ADUC i don't see any 50wks19 twice. all are windows 10x64 -- View this message in context: http://samba.2283325.n4.nabble.com/samba-4-5-0-strange-windows-10-issue-incorrect-password-tp4709799p4709802.html Sent from the Samba - General mailing list archive at Nabble.com.
Stephan Roth
2016-Oct-19 13:59 UTC
[Samba] Can Logon & Join NT4-style Domain, Can't Change Password
The following article by Microsoft was updated on 2016-10-14: https://support.microsoft.com/en-us/kb/3167679 It acknowledges the problem and proposes to set a registry key to enable NTLM authentification. Fot the details see paragraph "Known issue 7" in the article linked above. - Under "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" - Create the key "NegoAllowNtlmPwdChangeFallback" and set its value to 1 So far it works on some of our machines, we haven't tested it extensively.
Apparently Analagous Threads
- samba 4.5.0 strange windows 10 issue | incorrect password
- samba 4.5.0 strange windows 10 issue | incorrect password
- samba 4.5.0 strange windows 10 issue | incorrect password
- samba 4.5.0 strange windows 10 issue | incorrect password
- samba 4.5.0 strange windows 10 issue | incorrect password