Daniel Givens
2022-Apr-01 20:18 UTC
[Samba] Windows 11 22h1 Beta (Build 22581) client refuses to auth with Samba DC
I wanted to be sure you all were aware of an issue that's come up in recent Insider builds of Windows 11. I upgraded my local Windows 11 to the most recent beta build 22581 and had to roll back because I was unable to login to the system. The logs on my Samba domain controller indicate the authentication is successful, but Windows says I entered an incorrect password. According to the u/BFeely1, in a Reddit post[1], they've submitted feedback about it, but I don't have much hope Microsoft is going to make it a high priority to resolve. I wasn't able to find any reports to this mailing list or in any Samba related bug tracking for the project or any distribution trackers mentioning the issue. I would like to help if I can, but I would need some direction on what info would be useful. [1] https://www.reddit.com/r/windowsinsiders/comments/t1f7hu/cannot_connect_to_samba_ad_dc_on_windows_11_dev/ <https://www.reddit.com/r/windowsinsiders/comments/t1f7hu/cannot_connect_to_samba_ad_dc_on_windows_11_dev/> -- Daniel
Andrew Bartlett
2022-Apr-04 02:05 UTC
[Samba] Windows 11 22h1 Beta (Build 22581) client refuses to auth with Samba DC
On Fri, 2022-04-01 at 15:18 -0500, Daniel Givens via samba wrote:> I wanted to be sure you all were aware of an issue that's come up in > recent Insider builds of Windows 11. I upgraded my local Windows 11 > to the most recent beta build 22581 and had to roll back because I > was unable to login to the system. The logs on my Samba domain > controller indicate the authentication is successful, but Windows > says I entered an incorrect password. > > According to the u/BFeely1, in a Reddit post[1], they've submitted > feedback about it, but I don't have much hope Microsoft is going to > make it a high priority to resolve. I wasn't able to find any reports > to this mailing list or in any Samba related bug tracking for the > project or any distribution trackers mentioning the issue. > > I would like to help if I can, but I would need some direction on > what info would be useful.Thanks. Given your description, it is going to be difficult to fix this - far easier if Samba is rejecting the request. If a Samba developer was to raise this with Microsoft, I think they first thing MS would want would be a paired network (wireshark PCAP or PCAPng) and TTD trace. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-record A comparative trace with a windows DC joined to the same domain, alongside a full keytab (samba-tool domain exportkeytab) for that (TEST!) domain would also be very useful. Sadly I've not had any customers ask about this yet, so I've not been able to put any time into this myself. Sorry, Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions