On 12/10/2022 19:21, Diego Franchini via samba wrote:> this is an extract from my post on superuser and serverfault. I've been
> suggested to seek help here too.
>
> I'm constantly trying new solutions, literally anything I can find
online,
> but to this day nothing has completely fixed it.
>
>
> *DISCLAMER:*
> I'm still trying to fully learn and understand how to properly maintain
a
> samba domain controller.
>
> *The Problem:*
>
> I had a working samba installation with AD controlle but now, just a month
> after my last computer join, it won't work anymore. On Windows it says
> "unknown user or password" but I've checked them to be
correct.
>
> I tried setting the log level to 3 in "smb.conf" and while trying
to join a
> computer this gets logged:
>
> [2022/10/04 12:11:58.018256, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50124 for
> krbtgt/example.net at example.net
> [2022/10/04 12:11:58.039839, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: 128
> [2022/10/04 12:11:58.040080, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- admuser at example.net
> [2022/10/04 12:11:58.040191, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
> [2022/10/04 12:11:58.040341, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- admuser at
example.net
> [2022/10/04 12:11:58.043598, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/04 12:11:58.054880, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ admuser at example.net from ipv4:172.27.2.58:50125 for
> krbtgt/example.net at example.net
> [2022/10/04 12:11:58.076255, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> [2022/10/04 12:11:58.076483, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- admuser at example.net
> [2022/10/04 12:11:58.076587, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- admuser at example.net
> [2022/10/04 12:11:58.077527, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: ENC-TS Pre-authentication succeeded -- admuser at example.net
> using aes256-cts-hmac-sha1-96
> [2022/10/04 12:11:58.077840, 3]
> ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[admuser at example.net] at [Tue, 04 Oct 2022 12:11:58.077747
> CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> [(null)] remote host [ipv4:172.27.2.58:50125] became
> [EXAMPLE]\[admuser] [S-1-5-21-578677625-3635414378-1858279571-1104].
> local host [NULL]
> {"timestamp": "2022-10-04T12:11:58.086113+0200",
"type":
> "Authentication", "Authentication":
{"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId":
"c61be2b0d84a3e12", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress":
null, "remoteAddress":
> "ipv4:172.27.2.58:50125", "serviceDescription":
"Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null,
> "clientAccount": "admuser at example.net",
"workstation": null,
> "becameAccount": "admuser", "becameDomain":
"EXAMPLE", "becameSid":
> "S-1-5-21-578677625-3635414378-1858279571-1104",
"mappedAccount":
> "admuser", "mappedDomain": "EXAMPLE",
"netlogonComputer": null,
> "netlogonTrustAccount": null, "netlogonNegotiateFlags":
"0x00000000",
> "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
> "passwordType": "aes256-cts-hmac-sha1-96",
"duration": 31663}}
> [2022/10/04 12:11:58.160727, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ authtime: 2022-10-04T12:11:58 starttime: unset
> endtime: 2022-10-04T22:11:58 renew till: 2022-10-11T12:11:58
> [2022/10/04 12:11:58.161033, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> [2022/10/04 12:11:58.161206, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
> [2022/10/04 12:11:58.165799, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/04 12:11:58.178036, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> check failed for checksum type rsa-md5, key type
> aes256-cts-hmac-sha1-96
> [2022/10/04 12:11:58.178282, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.58:50126
>
> As you can see, the authentication here is reported to be successful.
Yes, the authentication for admuser is successful, but unless you have
changed the Administrator name to 'admuser', the join will not work,
have you tried a join with 'Administrator' ?
So> far it's the same issue as here
>
<https://www.claudiokuenzler.com/blog/1065/windows-client-unable-join-domain-samba-4-domain-controller-logon-failure-unknown-user-name>,
> so I tried the following commands:
>
> root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
> root at SMBDC1:~# host -t SRV _kerebros._udp.example.net
Is that exactly what you typed ? If so, for the third time, it is
'kerberos' not 'kerebros'.
> Host _kerebros._udp.example.net not found: 3(NXDOMAIN)
> root at SMBDC1:~# host -t A focal.exapmle.net
'example' not 'exapmle'
> Host focal.example.net not found: 3(NXDOMAIN)
>
> root at SMBDC1:~# dig -t SRV _kerebros._udp.frankini.net
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV
_kerebros._udp.frankini.net
'kerebros' again.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 138
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_kerebros._udp.frankini.net. IN SRV
>
> ;; AUTHORITY SECTION:
> frankini.net. 3600 IN SOA
> smbdc1.frankini.net. hostmaster. frankini.net. 55 900 600 86400
3600
>
> ;; Query time: 3 msec
> ;; SERVER: 172.27.1.1#53(172.27.1.1)
> ;; WHEN: Fri Oct 07 21:44:12 CEST 2022
> ;; MSG SIZE rcvd: 99
>
> This originally worked but now i get "*Host not found*"... what
could have
> changed?
>
> *My setup*
>
> router: 172.27.0.1
> smbdc: 172.27.1.1
> dns: 172.27.1.2
>
> dhcp range: 172.27.2.2 - 172.27.2.254
>
> Samba runs on an Orange Pi Zero and I connect to it through Putty and
FileZilla
>
> I route communication between the xxx.xxx.0.xxx, xxx.xxx.1.xxx and
> xxx.xxx.2.xxx ip ranges and set the network mask to be 255.255.0.0
>
> *System*
>
> OS: Armbian 22.05.3 Focal with Linux 5.15.48-sunxi
> SAMBA: Samba version 4.13.17-Ubuntu
>
> *smb.conf*
>
> # Global parameters
> [global]
> dns forwarder = 172.27.1.2
> netbios name = SMBDC1
> realm = EXAMPLE.NET <http://example.net/>
> server role = active directory domain controller
> workgroup = EXAMPLE
> idmap_ldb:use rfc2307 = yes
> host msdfs = yes
> log level = 3
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/example.net/scripts
> read only = No
>
> *UPDATE:*
>
> I made an image of the disk as a backup, then did a bunch of tests with no
> success. so I finally reverted the image to the disk as it was, and now
> suddenly these commands work:
>
> root at SMBDC1:~# host -t SRV _ldap._tcp.example.net
> _ldap._tcp.example.net has SRV record 0 100 389 smbdc1.example.net.
> root at SMBDC1:~# host -t SRV _kerberos._udp.example.net
> _kerberos._udp.example.net has SRV record 0 100 88 smbdc1.example.net.
How can something that is spelt wrong work ?
Rowland
> root at SMBDC1:~# host -t A SMBDC1.example.net
<http://smbdc1.example.net/>
> SMBDC1.example.net <http://smbdc1.example.net/> has address
172.27.1.4
>
> So the situation now is as follows:
>
> I added the computer "*TESTING-W11*" to the domain with my domain
admin
> user, not with 'administrator'. It works only if i do "user at
example.net"
> and not "user", which used to work before. and if someone asks,
yes I also
> tried with administrator and it only work as "administrator at
example.com"
>
> after the computer rebooted I tried to login but it says wrong user or
> password.
>
> this is the log file of login attempt:
>
> [2022/10/12 19:39:25.980185, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50574 for
> krbtgt/EXAMPLE at EXAMPLE
> [2022/10/12 19:39:26.008882, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: 128
> [2022/10/12 19:39:26.009229, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> [2022/10/12 19:39:26.009433, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> [2022/10/12 19:39:26.009709, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at
EXAMPLE
> [2022/10/12 19:39:26.013190, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.024021, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE from ipv4:172.27.2.26:50575 for
> krbtgt/EXAMPLE at EXAMPLE
> [2022/10/12 19:39:26.051743, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> [2022/10/12 19:39:26.052093, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE
> [2022/10/12 19:39:26.052302, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE
> [2022/10/12 19:39:26.052948, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE using
> aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.053349, 3]
> ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\
> [user2 at EXAMPLE] at [Wed, 12 Oct 2022 19:39:26.053205 CEST] with
> [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)]
> remote host [ipv4:172.27.2.26:50575] became [EXAMPLE]\[user2]
> [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> {"timestamp": "2022-10-12T19:39:26.053767+0200",
"type":
> "Authentication", "Authentication":
{"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId":
"d3433331ec6a5bf7", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress":
null, "remoteAddress":
> "ipv4:172.27.2.26:50575", "serviceDescription":
"Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null,
> "clientAccount": "user2 at EXAMPLE",
"workstation": null,
> "becameAccount": "user2", "becameDomain":
"EXAMPLE", "becameSid":
> "S-1-5-21-578677625-3635414378-1858279571-1105",
"mappedAccount":
> "user2", "mappedDomain": "EXAMPLE",
"netlogonComputer": null,
> "netlogonTrustAccount": null, "netlogonNegotiateFlags":
"0x00000000",
> "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
> "passwordType": "aes256-cts-hmac-sha1-96",
"duration": 30203}}
> [2022/10/12 19:39:26.089947, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> [2022/10/12 19:39:26.090338, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.090474, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
> [2022/10/12 19:39:26.097520, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.106943, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> check failed for checksum type rsa-md5, key type
> aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.107170, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50576
> [2022/10/12 19:39:26.110456, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.114239, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50577 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.127198, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: 128
> [2022/10/12 19:39:26.127410, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.127580, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.127768, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at
EXAMPLE.NET
> [2022/10/12 19:39:26.130816, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.140450, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50578 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.152897, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> [2022/10/12 19:39:26.153102, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.153210, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.153583, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> using aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.153816, 3]
> ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.153732
> CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> [(null)] remote host [ipv4:172.27.2.26:50578] became [EXAMPLE]\[user2]
> [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> {"timestamp": "2022-10-12T19:39:26.154039+0200",
"type":
> "Authentication", "Authentication":
{"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId":
"869dfe1fc68f82a8", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress":
null, "remoteAddress":
> "ipv4:172.27.2.26:50578", "serviceDescription":
"Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null,
> "clientAccount": "user2 at EXAMPLE.NET",
"workstation": null,
> "becameAccount": "user2", "becameDomain":
"EXAMPLE", "becameSid":
> "S-1-5-21-578677625-3635414378-1858279571-1105",
"mappedAccount":
> "user2", "mappedDomain": "EXAMPLE",
"netlogonComputer": null,
> "netlogonTrustAccount": null, "netlogonNegotiateFlags":
"0x00000000",
> "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
> "passwordType": "aes256-cts-hmac-sha1-96",
"duration": 13913}}
> [2022/10/12 19:39:26.182189, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> [2022/10/12 19:39:26.182483, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.182612, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
> [2022/10/12 19:39:26.187831, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.197162, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> check failed for checksum type rsa-md5, key type
> aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.197385, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50579
> [2022/10/12 19:39:26.202216, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.206268, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50580 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.218896, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: 128
> [2022/10/12 19:39:26.219112, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.219220, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.219367, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at
EXAMPLE.NET
> [2022/10/12 19:39:26.226212, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.236585, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50581 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.249060, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> [2022/10/12 19:39:26.249272, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.249377, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.249842, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> using aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.250084, 3]
> ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.250002
> CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> [(null)] remote host [ipv4:172.27.2.26:50581] became [EXAMPLE]\[user2]
> [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> {"timestamp": "2022-10-12T19:39:26.250309+0200",
"type":
> "Authentication", "Authentication":
{"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId":
"b111aea5f91526ac", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress":
null, "remoteAddress":
> "ipv4:172.27.2.26:50581", "serviceDescription":
"Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null,
> "clientAccount": "user2 at EXAMPLE.NET",
"workstation": null,
> "becameAccount": "user2", "becameDomain":
"EXAMPLE", "becameSid":
> "S-1-5-21-578677625-3635414378-1858279571-1105",
"mappedAccount":
> "user2", "mappedDomain": "EXAMPLE",
"netlogonComputer": null,
> "netlogonTrustAccount": null, "netlogonNegotiateFlags":
"0x00000000",
> "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
> "passwordType": "aes256-cts-hmac-sha1-96",
"duration": 13999}}
> [2022/10/12 19:39:26.278425, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> [2022/10/12 19:39:26.278721, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.278850, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
> [2022/10/12 19:39:26.284069, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.293333, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> check failed for checksum type rsa-md5, key type
> aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.293567, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50582
> [2022/10/12 19:39:26.297119, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.301280, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50583 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.314043, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: 128
> [2022/10/12 19:39:26.314253, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.314361, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.314507, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- user2 at
EXAMPLE.NET
> [2022/10/12 19:39:26.317995, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.328064, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ user2 at EXAMPLE.NET from ipv4:172.27.2.26:50584 for
> krbtgt/EXAMPLE.NET at EXAMPLE.NET
> [2022/10/12 19:39:26.340620, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client sent patypes: encrypted-timestamp, 128
> [2022/10/12 19:39:26.340832, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for PKINIT pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.340934, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Looking for ENC-TS pa-data -- user2 at EXAMPLE.NET
> [2022/10/12 19:39:26.341304, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: ENC-TS Pre-authentication succeeded -- user2 at EXAMPLE.NET
> using aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.341534, 3]
> ../../auth/auth_log.c:635(log_authentication_event_human_readable)
> Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
> [(null)]\[user2 at EXAMPLE.NET] at [Wed, 12 Oct 2022 19:39:26.341453
> CEST] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation
> [(null)] remote host [ipv4:172.27.2.26:50584] became [EXAMPLE]\[user2]
> [S-1-5-21-578677625-3635414378-1858279571-1105]. local host [NULL]
> {"timestamp": "2022-10-12T19:39:26.341761+0200",
"type":
> "Authentication", "Authentication":
{"version": {"major": 1, "minor":
> 2}, "eventId": 4624, "logonId":
"4baa7d35daccf446", "logonType": 3,
> "status": "NT_STATUS_OK", "localAddress":
null, "remoteAddress":
> "ipv4:172.27.2.26:50584", "serviceDescription":
"Kerberos KDC",
> "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null,
> "clientAccount": "user2 at EXAMPLE.NET",
"workstation": null,
> "becameAccount": "user2", "becameDomain":
"EXAMPLE", "becameSid":
> "S-1-5-21-578677625-3635414378-1858279571-1105",
"mappedAccount":
> "user2", "mappedDomain": "EXAMPLE",
"netlogonComputer": null,
> "netlogonTrustAccount": null, "netlogonNegotiateFlags":
"0x00000000",
> "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
> "passwordType": "aes256-cts-hmac-sha1-96",
"duration": 13987}}
> [2022/10/12 19:39:26.369985, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: AS-REQ authtime: 2022-10-12T19:39:26 starttime: unset
> endtime: 2022-10-13T05:39:26 renew till: 2022-10-19T19:39:26
> [2022/10/12 19:39:26.370274, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, 3, using
> aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.370405, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Requested flags: renewable-ok, canonicalize, renewable,
forwardable
> [2022/10/12 19:39:26.375775, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2022/10/12 19:39:26.385121, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed to verify authenticator checksum: Decrypt integrity
> check failed for checksum type rsa-md5, key type
> aes256-cts-hmac-sha1-96
> [2022/10/12 19:39:26.385343, 3]
> ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
> Kerberos: Failed parsing TGS-REQ from ipv4:172.27.2.26:50585
> [2022/10/12 19:39:26.388686, 3]
> ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
> stream_terminate_connection: Terminating connection -
> 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
>
> is there something wrong in the log file?
>
>
> Thank you,
>
> Diego