sandy.napoles at eccmg.cupet.cu
2021-Sep-28 18:55 UTC
[Samba] Problem after update version 4.15.0
my last version 4.14.7
# Global parameters
[global]
netbios name = CCMG7
realm = ECCMG.CUPET.CU
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = ECCMG
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
log level = 1 auth_audit:3 auth_json_audit:3
log file = /usr/local/samba/var/log.samba
#----------------------------------------------------------------------------------------------------------------------------
[netlogon]
path = /usr/local/samba/var/locks/sysvol/eccmg.cupet.cu/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
September 28, 2021 1:48 PM, "Rowland Penny via samba" <samba at
lists.samba.org> wrote:
> On Tue, 2021-09-28 at 18:16 +0000, Sandy via samba wrote:
>
>> Hello list, I hope everyone is well and we can get out little by
>> little of this terrible pandemic, I just updated my domain controller
>> samba4 to version 4.15.0 and it turns out that when clients try to
>> authenticate it tells them that the username or password is wrong,
>> that happens with everyone. any ideas ?
>
> What version did you upgrade from ?
> Please post your smb.conf
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
On Tue, 2021-09-28 at 18:55 +0000, Sandy via samba wrote:> my last version 4.14.7 > > # Global parameters > [global] > netbios name = CCMG7 > realm = ECCMG.CUPET.CU > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > workgroup = ECCMG > idmap_ldb:use rfc2307 = yes > ldap server require strong auth = no > log level = 1 auth_audit:3 auth_json_audit:3 > log file = /usr/local/samba/var/log.samba > #------------------------------------------------------------------ > ---------------------------------------------------------- > [netlogon] > path > /usr/local/samba/var/locks/sysvol/eccmg.cupet.cu/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = NoThere doesn't seem to be anything wrong there and the version jump isn't that large. Is there anything in the logs ? If not, try turning up the log level to see if anything does show. How did you upgrade Samba ? Rowland
> my last version 4.14.7I actually have the same problem upgrading from 4.14.7. In fact I found it's not happening to all workstations and seems to be limited to workstation accounts only. On affected workstations no login is possible. However connecting to shares using a local user account on this workstation is working just fine. Just no domain user login is possible while the workstation reporting invalid password. I can also migrate back to 4.17.7 binaries and I am able to log on to the workstation again. Somehow it does not affect workstations recently joined to the domain but seems to affect only workstations joined to the domain since a long time. Actually one workstation I am able to reproduce the issue is joined since 2016. Re-joining the workstation might fix the issue but is not really an option I want to follow. Also resetting the computer account did not change anything. I also compared "samba-tool computer show" of a working and one non-working machine and can't find any differences other than timestamps. Also tried different protocols (limiting to SMB2 and also disabling signing on client and server side) without success. Logs: [2021/09/28 23:12:11.479107, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm) make_auth3_context_for_ntlm: Making default auth method list for server role = 'active directory domain controller' [2021/09/28 23:12:11.479171, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend anonymous [2021/09/28 23:12:11.479199, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'anonymous' [2021/09/28 23:12:11.479217, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend sam [2021/09/28 23:12:11.479232, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'sam' [2021/09/28 23:12:11.479247, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2021/09/28 23:12:11.479263, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2021/09/28 23:12:11.479278, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend sam_netlogon3 [2021/09/28 23:12:11.479307, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'sam_netlogon3' [2021/09/28 23:12:11.479324, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend winbind [2021/09/28 23:12:11.479339, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'winbind' [2021/09/28 23:12:11.479354, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend unix [2021/09/28 23:12:11.479370, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'unix' [2021/09/28 23:12:11.479395, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:52(smb_register_auth) Attempting to register auth backend samba4 [2021/09/28 23:12:11.479411, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:64(smb_register_auth) Successfully added auth method 'samba4' [2021/09/28 23:12:11.479426, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:426(load_auth_module) load_auth_module: Attempting to find an auth method to match samba4 [2021/09/28 23:12:11.482777, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'gssapi_spnego' registered [2021/09/28 23:12:11.482852, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'gssapi_krb5' registered [2021/09/28 23:12:11.482870, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2021/09/28 23:12:11.482913, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'spnego' registered [2021/09/28 23:12:11.482931, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'schannel' registered [2021/09/28 23:12:11.482948, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2021/09/28 23:12:11.482974, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2021/09/28 23:12:11.482992, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'ntlmssp' registered [2021/09/28 23:12:11.483009, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2021/09/28 23:12:11.483027, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'http_basic' registered [2021/09/28 23:12:11.483045, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'http_ntlm' registered [2021/09/28 23:12:11.483062, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'http_negotiate' registered [2021/09/28 23:12:11.483079, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'krb5' registered [2021/09/28 23:12:11.483096, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2021/09/28 23:12:11.483115, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:451(load_auth_module) load_auth_module: auth method samba4 has a valid init [2021/09/28 23:12:11.489069, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) AUTH backend 'sam' registered [2021/09/28 23:12:11.489126, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) AUTH backend 'sam_ignoredomain' registered [2021/09/28 23:12:11.489144, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) AUTH backend 'anonymous' registered [2021/09/28 23:12:11.489161, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) AUTH backend 'winbind' registered [2021/09/28 23:12:11.489177, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) AUTH backend 'name_to_ntstatus' registered [2021/09/28 23:12:11.493050, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) Starting GENSEC mechanism spnego [2021/09/28 23:12:11.493498, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) Starting GENSEC submechanism gssapi_krb5 [2021/09/28 23:12:11.494307, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: spnego[0x5588bd35f470]: subreq: 0x5588bded6b80 [2021/09/28 23:12:11.494371, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: spnego[0x5588bd35f470]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5588bded6b80/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5588bded6d40)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] [2021/09/28 23:12:11.506170, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm) make_auth3_context_for_ntlm: Making default auth method list for server role = 'active directory domain controller' [2021/09/28 23:12:11.506261, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:426(load_auth_module) load_auth_module: Attempting to find an auth method to match samba4 [2021/09/28 23:12:11.506281, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth.c:451(load_auth_module) load_auth_module: auth method samba4 has a valid init [2021/09/28 23:12:11.510859, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) Starting GENSEC mechanism spnego [2021/09/28 23:12:11.511280, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) Starting GENSEC submechanism ntlmssp [2021/09/28 23:12:11.511347, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2021/09/28 23:12:11.511416, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:83(auth_get_challenge) auth_get_challenge: challenge set by random [2021/09/28 23:12:11.511589, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940 [2021/09/28 23:12:11.511613, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0 [2021/09/28 23:12:11.511720, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: ntlmssp[0x5588bd3fbcf0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[2] error[0 (0x0)] state[struct gensec_ntlmssp_update_state (0x5588be057b00)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215] [2021/09/28 23:12:11.511766, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) gensec_update_done: spnego[0x5588bd7b6470]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5588bd81f770)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] [2021/09/28 23:12:11.514648, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth) Got user=[CYB64W10-TEST$] domain=[CYBERDYNE] workstation=[CYB64W10-TEST] len1=24 len2=340 [2021/09/28 23:12:11.514750, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:544(ntlmssp_server_preauth) [2021/09/28 23:12:11.514766, 1] ../../librpc/ndr/ndr.c:435(ndr_print_debug) &v2_resp: struct NTLMv2_RESPONSE Response : 1edb5b9741c49d2c7f9de26c6edc5de1 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Tue Sep 28 11:12:12 PM 2021 CEST ChallengeFromClient : b5ba50318f977163 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x0000000a (10) pair: ARRAY(10) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0012 (18) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'CYBERDYNE' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000c (12) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'SKYNET' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0024 (36) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'ad.cyberdyne.local' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0032 (50) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'skynet.ad.cyberdyne.local' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Sep 28 11:12:12 PM 2021 CEST pair: struct AV_PAIR AvId : MsvAvFlags (0x6) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x6) AvFlags : 0x00000002 (2) 0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT 1: NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE 0: NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE pair: struct AV_PAIR AvId : MsvAvSingleHost (0x8) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x8) AvSingleHost: struct ntlmssp_SingleHostData Size : 0x00000030 (48) Z4 : 0x00000000 (0) token_info: struct LSAP_TOKEN_INFO_INTEGRITY Flags : 0x00000000 (0) TokenIL : 0x00004000 (16384) MachineId : ee332d1498ee205bbe0b10ef6d13c44c4cfdd979ff677d416e7b400cdcdb4503 remaining : DATA_BLOB length=0 pair: struct AV_PAIR AvId : MsvChannelBindings (0xA) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0xA) ChannelBindings : 00000000000000000000000000000000 pair: struct AV_PAIR AvId : MsvAvTargetName (0x9) AvLen : 0x003c (60) Value : union ntlmssp_AvValue(case 0x9) AvTargetName : 'cifs/skynet.ad.cyberdyne.local' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) [2021/09/28 23:12:11.515308, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:241(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST] auth_check_password_send: user is: [CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST] [2021/09/28 23:12:11.515348, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge) auth_get_challenge: returning previous challenge by module random (normal) [2021/09/28 23:12:11.515365, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:310(auth_check_password_send) auth_check_password_send: auth_context challenge created by random [2021/09/28 23:12:11.515380, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:315(auth_check_password_send) auth_check_password_send: challenge is: [2021/09/28 23:12:11.518330, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940 [2021/09/28 23:12:11.518402, 10, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0 [2021/09/28 23:12:11.518489, 2, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../source4/auth/ntlm/auth.c:437(auth_check_password_recv) auth_check_password_recv: sam authentication for user [CYBERDYNE\CYB64W10-TEST$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1 [2021/09/28 23:12:11.518557, 2] ../../auth/auth_log.c:635(log_authentication_event_human_readable) Auth: [SMB2,NTLMSSP] user [CYBERDYNE]\[CYB64W10-TEST$] at [Tue, 28 Sep 2021 23:12:11.518538 CEST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [CYB64W10-TEST] remote host [ipv4:10.0.1.137:50082] mapped to [CYBERDYNE]\[CYB64W10-TEST$]. local host [ipv4:10.0.2.6:445] {"timestamp": "2021-09-28T23:12:11.518668+0200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:10.0.2.6:445", "remoteAddress": "ipv4:10.0.1.137:50082", "serviceDescription": "SMB2", "authDescription": "NTLMSSP", "clientDomain": "CYBERDYNE", "clientAccount": "CYB64W10-TEST$", "workstation": "CYB64W10-TEST", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "CYB64W10-TEST$", "mappedDomain": "CYBERDYNE", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 10774}} [2021/09/28 23:12:11.518770, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/ntlmssp/ntlmssp_server.c:813(ntlmssp_server_auth_done) ntlmssp_server_auth_done: Checking NTLMSSP password for CYBERDYNE\CYB64W10-TEST$ failed: NT_STATUS_WRONG_PASSWORD [2021/09/28 23:12:11.518799, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done) gensec_update_done: ntlmssp[0x5588bd3fbcf0]: NT_STATUS_WRONG_PASSWORD tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)] state[struct gensec_ntlmssp_update_state (0x5588be057b00)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:239] [2021/09/28 23:12:11.518822, 3, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/spnego.c:1443(gensec_spnego_server_negTokenTarg_step) gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_PASSWORD [2021/09/28 23:12:11.518846, 5, pid=26638, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done) gensec_update_done: spnego[0x5588bd7b6470]: NT_STATUS_WRONG_PASSWORD tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[3] error[-7963671676338569110 (0x917B5ACDC000006A)] state[struct gensec_spnego_update_state (0x5588bd81f770)] timer[(nil)] finish[../../auth/gensec/spnego.c:2039]On 28.09.2021 23:10, samba-bounces at lists.samba.org wrote: best regards, Rainer
The computer password is expired. You can try, Remove the pc from domain and rejoin. And did you verify if the computer time is in sync with AD. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rainer Meier via samba > Verzonden: dinsdag 28 september 2021 23:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Problem after update version 4.15.0 > > > my last version 4.14.7 > > I actually have the same problem upgrading from 4.14.7. > > In fact I found it's not happening to all workstations and > seems to be > limited to workstation accounts only. On affected > workstations no login > is possible. However connecting to shares using a local user > account on > this workstation is working just fine. Just no domain user login is > possible while the workstation reporting invalid password. > > I can also migrate back to 4.17.7 binaries and I am able to log on to > the workstation again. > > Somehow it does not affect workstations recently joined to the domain > but seems to affect only workstations joined to the domain > since a long > time. Actually one workstation I am able to reproduce the issue is > joined since 2016. > Re-joining the workstation might fix the issue but is not really an > option I want to follow. > > Also resetting the computer account did not change anything. > > I also compared "samba-tool computer show" of a working and one > non-working machine and can't find any differences other than > timestamps. > > Also tried different protocols (limiting to SMB2 and also disabling > signing on client and server side) without success. > > > Logs: > > [2021/09/28 23:12:11.479107, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm) > make_auth3_context_for_ntlm: Making default auth method list for > server role = 'active directory domain controller' > [2021/09/28 23:12:11.479171, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend anonymous > [2021/09/28 23:12:11.479199, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'anonymous' > [2021/09/28 23:12:11.479217, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend sam > [2021/09/28 23:12:11.479232, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'sam' > [2021/09/28 23:12:11.479247, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend sam_ignoredomain > [2021/09/28 23:12:11.479263, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'sam_ignoredomain' > [2021/09/28 23:12:11.479278, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend sam_netlogon3 > [2021/09/28 23:12:11.479307, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'sam_netlogon3' > [2021/09/28 23:12:11.479324, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend winbind > [2021/09/28 23:12:11.479339, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'winbind' > [2021/09/28 23:12:11.479354, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend unix > [2021/09/28 23:12:11.479370, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'unix' > [2021/09/28 23:12:11.479395, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:52(smb_register_auth) > Attempting to register auth backend samba4 > [2021/09/28 23:12:11.479411, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:64(smb_register_auth) > Successfully added auth method 'samba4' > [2021/09/28 23:12:11.479426, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:426(load_auth_module) > load_auth_module: Attempting to find an auth method to match samba4 > [2021/09/28 23:12:11.482777, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'gssapi_spnego' registered > [2021/09/28 23:12:11.482852, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'gssapi_krb5' registered > [2021/09/28 23:12:11.482870, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'gssapi_krb5_sasl' registered > [2021/09/28 23:12:11.482913, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'spnego' registered > [2021/09/28 23:12:11.482931, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'schannel' registered > [2021/09/28 23:12:11.482948, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'naclrpc_as_system' registered > [2021/09/28 23:12:11.482974, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'sasl-EXTERNAL' registered > [2021/09/28 23:12:11.482992, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'ntlmssp' registered > [2021/09/28 23:12:11.483009, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'ntlmssp_resume_ccache' registered > [2021/09/28 23:12:11.483027, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'http_basic' registered > [2021/09/28 23:12:11.483045, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'http_ntlm' registered > [2021/09/28 23:12:11.483062, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'http_negotiate' registered > [2021/09/28 23:12:11.483079, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'krb5' registered > [2021/09/28 23:12:11.483096, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register) > GENSEC backend 'fake_gssapi_krb5' registered > [2021/09/28 23:12:11.483115, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:451(load_auth_module) > load_auth_module: auth method samba4 has a valid init > [2021/09/28 23:12:11.489069, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) > AUTH backend 'sam' registered > [2021/09/28 23:12:11.489126, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) > AUTH backend 'sam_ignoredomain' registered > [2021/09/28 23:12:11.489144, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) > AUTH backend 'anonymous' registered > [2021/09/28 23:12:11.489161, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) > AUTH backend 'winbind' registered > [2021/09/28 23:12:11.489177, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register) > AUTH backend 'name_to_ntstatus' registered > [2021/09/28 23:12:11.493050, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) > Starting GENSEC mechanism spnego > [2021/09/28 23:12:11.493498, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) > Starting GENSEC submechanism gssapi_krb5 > [2021/09/28 23:12:11.494307, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) > gensec_update_send: spnego[0x5588bd35f470]: subreq: 0x5588bded6b80 > [2021/09/28 23:12:11.494371, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) > gensec_update_done: spnego[0x5588bd35f470]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x5588bded6b80/../../auth/gensec/spnego.c:1631]: state[2] > error[0 (0x0)] state[struct gensec_spnego_update_state > (0x5588bded6d40)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] > [2021/09/28 23:12:11.506170, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm) > make_auth3_context_for_ntlm: Making default auth method list for > server role = 'active directory domain controller' > [2021/09/28 23:12:11.506261, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:426(load_auth_module) > load_auth_module: Attempting to find an auth method to match samba4 > [2021/09/28 23:12:11.506281, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source3/auth/auth.c:451(load_auth_module) > load_auth_module: auth method samba4 has a valid init > [2021/09/28 23:12:11.510859, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) > Starting GENSEC mechanism spnego > [2021/09/28 23:12:11.511280, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech) > Starting GENSEC submechanism ntlmssp > [2021/09/28 23:12:11.511347, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 > [2021/09/28 23:12:11.511416, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:83(auth_get_challenge) > auth_get_challenge: challenge set by random > [2021/09/28 23:12:11.511589, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) > gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940 > [2021/09/28 23:12:11.511613, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) > gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0 > [2021/09/28 23:12:11.511720, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) > gensec_update_done: ntlmssp[0x5588bd3fbcf0]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[2] > error[0 (0x0)] state[struct gensec_ntlmssp_update_state > (0x5588be057b00)] timer[(nil)] > finish[../../auth/ntlmssp/ntlmssp.c:215] > [2021/09/28 23:12:11.511766, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done) > gensec_update_done: spnego[0x5588bd7b6470]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[2] > error[0 (0x0)] state[struct gensec_spnego_update_state > (0x5588bd81f770)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] > [2021/09/28 23:12:11.514648, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth) > Got user=[CYB64W10-TEST$] domain=[CYBERDYNE] > workstation=[CYB64W10-TEST] len1=24 len2=340 > [2021/09/28 23:12:11.514750, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../auth/ntlmssp/ntlmssp_server.c:544(ntlmssp_server_preauth) > [2021/09/28 23:12:11.514766, 1] > ../../librpc/ndr/ndr.c:435(ndr_print_debug) > &v2_resp: struct NTLMv2_RESPONSE > Response : 1edb5b9741c49d2c7f9de26c6edc5de1 > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Tue Sep 28 11:12:12 > PM 2021 CEST > ChallengeFromClient : b5ba50318f977163 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x0000000a (10) > pair: ARRAY(10) > pair: struct AV_PAIR > AvId : > MsvAvNbDomainName > (0x2) > AvLen : 0x0012 (18) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'CYBERDYNE' > pair: struct AV_PAIR > AvId : > MsvAvNbComputerName (0x1) > AvLen : 0x000c (12) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SKYNET' > pair: struct AV_PAIR > AvId : > MsvAvDnsDomainName > (0x4) > AvLen : 0x0024 (36) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : > 'ad.cyberdyne.local' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0032 (50) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : > 'skynet.ad.cyberdyne.local' > pair: struct AV_PAIR > AvId : > MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union > ntlmssp_AvValue(case 0x7) > AvTimestamp : Tue Sep 28 > 11:12:12 PM 2021 CEST > pair: struct AV_PAIR > AvId : MsvAvFlags (0x6) > AvLen : 0x0004 (4) > Value : union > ntlmssp_AvValue(case 0x6) > AvFlags : 0x00000002 (2) > 0: > NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT > 1: > NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE > 0: > NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE > pair: struct AV_PAIR > AvId : > MsvAvSingleHost (0x8) > AvLen : 0x0030 (48) > Value : union > ntlmssp_AvValue(case 0x8) > AvSingleHost: struct ntlmssp_SingleHostData > Size : > 0x00000030 (48) > Z4 : > 0x00000000 (0) > token_info: struct > LSAP_TOKEN_INFO_INTEGRITY > Flags : > 0x00000000 (0) > TokenIL : > 0x00004000 > (16384) > MachineId : > ee332d1498ee205bbe0b10ef6d13c44c4cfdd979ff677d416e7b400cdcdb4503 > remaining : > DATA_BLOB length=0 > pair: struct AV_PAIR > AvId : > MsvChannelBindings > (0xA) > AvLen : 0x0010 (16) > Value : union > ntlmssp_AvValue(case 0xA) > ChannelBindings : > 00000000000000000000000000000000 > pair: struct AV_PAIR > AvId : > MsvAvTargetName (0x9) > AvLen : 0x003c (60) > Value : union > ntlmssp_AvValue(case 0x9) > AvTargetName : > 'cifs/skynet.ad.cyberdyne.local' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > [2021/09/28 23:12:11.515308, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../source4/auth/ntlm/auth.c:241(auth_check_password_send) > auth_check_password_send: Checking password for unmapped user > [CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST] > auth_check_password_send: user is: > [CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST] > [2021/09/28 23:12:11.515348, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge) > auth_get_challenge: returning previous challenge by module random > (normal) > [2021/09/28 23:12:11.515365, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../source4/auth/ntlm/auth.c:310(auth_check_password_send) > auth_check_password_send: auth_context challenge created by random > [2021/09/28 23:12:11.515380, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../source4/auth/ntlm/auth.c:315(auth_check_password_send) > auth_check_password_send: challenge is: > [2021/09/28 23:12:11.518330, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) > gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940 > [2021/09/28 23:12:11.518402, 10, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send) > gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0 > [2021/09/28 23:12:11.518489, 2, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../source4/auth/ntlm/auth.c:437(auth_check_password_recv) > auth_check_password_recv: sam authentication for user > [CYBERDYNE\CYB64W10-TEST$] FAILED with error > NT_STATUS_WRONG_PASSWORD, > authoritative=1 > [2021/09/28 23:12:11.518557, 2] > ../../auth/auth_log.c:635(log_authentication_event_human_readable) > Auth: [SMB2,NTLMSSP] user [CYBERDYNE]\[CYB64W10-TEST$] at [Tue, 28 > Sep 2021 23:12:11.518538 CEST] with [NTLMv2] status > [NT_STATUS_WRONG_PASSWORD] workstation [CYB64W10-TEST] remote host > [ipv4:10.0.1.137:50082] mapped to [CYBERDYNE]\[CYB64W10-TEST$]. local > host [ipv4:10.0.2.6:445] > {"timestamp": "2021-09-28T23:12:11.518668+0200", "type": > "Authentication", "Authentication": {"version": {"major": 1, "minor": > 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": > "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:10.0.2.6:445", > "remoteAddress": "ipv4:10.0.1.137:50082", > "serviceDescription": "SMB2", > "authDescription": "NTLMSSP", "clientDomain": "CYBERDYNE", > "clientAccount": "CYB64W10-TEST$", "workstation": "CYB64W10-TEST", > "becameAccount": null, "becameDomain": null, "becameSid": null, > "mappedAccount": "CYB64W10-TEST$", "mappedDomain": "CYBERDYNE", > "netlogonComputer": null, "netlogonTrustAccount": null, > "netlogonNegotiateFlags": "0x00000000", > "netlogonSecureChannelType": 0, > "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", > "duration": > 10774}} > [2021/09/28 23:12:11.518770, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../auth/ntlmssp/ntlmssp_server.c:813(ntlmssp_server_auth_done) > ntlmssp_server_auth_done: Checking NTLMSSP password for > CYBERDYNE\CYB64W10-TEST$ failed: NT_STATUS_WRONG_PASSWORD > [2021/09/28 23:12:11.518799, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done) > gensec_update_done: ntlmssp[0x5588bd3fbcf0]: > NT_STATUS_WRONG_PASSWORD > tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[3] > error[-7963671676338569110 (0x917B5ACDC000006A)] state[struct > gensec_ntlmssp_update_state (0x5588be057b00)] timer[(nil)] > finish[../../auth/ntlmssp/ntlmssp.c:239] > [2021/09/28 23:12:11.518822, 3, pid=26638, effective(0, 0), > real(0, 0), > class=auth] > ../../auth/gensec/spnego.c:1443(gensec_spnego_server_negTokenT > arg_step) > gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) > login failed: > NT_STATUS_WRONG_PASSWORD > [2021/09/28 23:12:11.518846, 5, pid=26638, effective(0, 0), > real(0, 0), > class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done) > gensec_update_done: spnego[0x5588bd7b6470]: > NT_STATUS_WRONG_PASSWORD > tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[3] > error[-7963671676338569110 (0x917B5ACDC000006A)] state[struct > gensec_spnego_update_state (0x5588bd81f770)] timer[(nil)] > finish[../../auth/gensec/spnego.c:2039]On 28.09.2021 23:10, > samba-bounces at lists.samba.org wrote: > > > best regards, > Rainer > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >