Fabio Fantoni
2023-Aug-16 08:24 UTC
[Samba] Windows 10 clients unable to work on domain after update of windows (on client) and samba on dc
Hi,

2 days ago I updated the 2 Samba domain controllers (Debian) to the latest version of Debian stable (that should include support for Windows clients with the July update). I also updated the Windows 10 clients with the latest Windows updates of the last months.

After that, with everything patched for the latest updates support, the domain doesn't work on the Windows 10 clients. I already tried many things for hours: rejoining the domain, removing the latest Windows update (but one fails to uninstall, also in safe mode), restoring a backup of the DC, updating to Samba 4.18.5 from the mjt repository, etc., but nothing worked.

From /var/log/samba/log.samba there are these errors:

> [2023/08/16 10:03:33.914303,  0] ../../source4/samba/server.c:621(binary_smbd_main)
>   samba version 4.18.5-Debian started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2023
> [2023/08/16 10:03:33.915622,  0] ../../lib/util/become_daemon.c:150(daemon_status)
>   daemon_status: daemon 'samba' : Starting process...
> [2023/08/16 10:03:34.150858,  0] ../../source4/samba/server.c:896(binary_smbd_main)
>   binary_smbd_main: samba: using 'prefork' process model
> [2023/08/16 10:03:35.935988,  1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet)
>   GSS VerifyMic failed:  A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2
> [2023/08/16 10:03:35.936046,  0] ../../source4/auth/gensec/gensec_gssapi.c:1351(gensec_gssapi_check_packet)
>   gssapi_check_packet(hdr_signing=0,sig_size=28,data=104,pdu=104) failed: NT_STATUS_ACCESS_DENIED
> [2023/08/16 10:03:35.937151,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig indicates error
> [2023/08/16 10:03:35.937286,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: update failed: NOTAUTH(BADSIG)
> [2023/08/16 10:03:35.992678,  1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet)
>   GSS VerifyMic failed:  A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2
> [2023/08/16 10:03:35.992738,  0] ../../source4/auth/gensec/gensec_gssapi.c:1351(gensec_gssapi_check_packet)
>   gssapi_check_packet(hdr_signing=0,sig_size=28,data=111,pdu=111) failed: NT_STATUS_ACCESS_DENIED
> [2023/08/16 10:03:35.993470,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig indicates error
> [2023/08/16 10:03:35.993568,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: update failed: NOTAUTH(BADSIG)
> [2023/08/16 10:03:36.053098,  1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet)
>   GSS VerifyMic failed:  A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2
> [2023/08/16 10:03:36.053134,  0] ../../source4/auth/gensec/gensec_gssapi.c:1351(gensec_gssapi_check_packet)
>   gssapi_check_packet(hdr_signing=0,sig_size=28,data=113,pdu=113) failed: NT_STATUS_ACCESS_DENIED
> [2023/08/16 10:03:36.053762,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig indicates error
> [2023/08/16 10:03:36.053824,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
>   /usr/sbin/samba_dnsupdate: update failed: NOTAUTH(BADSIG)
> [2023/08/16 10:03:36.139994,  0] ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
>   dnsupdate_nameupdate_done: Failed DNS update with exit code 3

I didn't find a solution from a search; can someone please tell me how to solve this?

If you need more information tell me and I'll post it.
Fabio Fantoni
2023-Aug-17 08:25 UTC
[Samba] Windows 10 clients unable to work on domain after update of windows (on client) and samba on dc
Hi, update after other tests:

The samba_dnsupdate issue above was because this DC had itself as the first DNS server in /etc/resolv.conf, but as it is not the PDC anymore it fails to update the DNS record; after setting the new PDC as the first DNS server in resolv.conf it worked. Is it correct that samba_dnsupdate works only with the PDC?

Another issue that was solved was not related to Samba.

What remains is that the netlogon and sysvol shares are not accessible from the Windows 10 client using the file manager; group policies are still working anyway. I don't understand why these shares are not accessible. Does someone know the cause, please?

-- 
Fabio Fantoni - email: fabio.fantoni at m2r.biz
M2R di Emilio Bruna
7, v. Leutelmonte - 25040 Esine (BS)
Voice: 0364 360552
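
A triage helper for the two things checked in this thread, the failure lines in log.samba and the first DNS server in /etc/resolv.conf, as an added example that is not part of the original messages. The sample log and resolv.conf are constructed in the layout quoted above, and the signature labels and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the log.samba layout quoted in the thread:
# "[timestamp,  level] source:line(function)" followed by indented message lines.
SAMPLE_LOG = """\
[2023/08/16 10:03:35.935988,  1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet)
  GSS VerifyMic failed:  A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2
[2023/08/16 10:03:35.936046,  0] ../../source4/auth/gensec/gensec_gssapi.c:1351(gensec_gssapi_check_packet)
  gssapi_check_packet(hdr_signing=0,sig_size=28,data=104,pdu=104) failed: NT_STATUS_ACCESS_DENIED
[2023/08/16 10:03:35.937286,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: update failed: NOTAUTH(BADSIG)
[2023/08/16 10:03:36.139994,  0] ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
  dnsupdate_nameupdate_done: Failed DNS update with exit code 3
"""
# Constructed resolv.conf where the host lists itself first (addresses are placeholders).
SAMPLE_RESOLV = "search example.test\nnameserver 127.0.0.1\nnameserver 192.0.2.10\n"

HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s+(?P<level>\d+)\]\s+(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)")
SIGNATURES = {  # labels are hypothetical names chosen for this example
    "gss_mic_invalid": "GSS VerifyMic failed",
    "dns_update_badsig": "NOTAUTH(BADSIG)",
    "dns_update_failed": "Failed DNS update with exit code",
}

def parse_entries(text):
    """Group each header line with the indented message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def classify(text):
    """Count how many log entries carry each failure signature."""
    hits = Counter()
    for e in parse_entries(text):
        hits.update(label for label, needle in SIGNATURES.items() if needle in e["msg"])
    return hits

def first_nameserver(resolv_text):
    """Return the first 'nameserver' address, the one the resolver queries first."""
    for line in resolv_text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            return parts[1]
    return None
```

On a DC, pass the contents of /var/log/samba/log.samba and /etc/resolv.conf instead of the samples and compare the first nameserver against the host's own addresses.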