4 DC's Samba version 4.19.2 compiled from tarball on Debian 12.2 (have run this way always up to date tarballs for maybe 15 years. Wkstations: Windows 10 up dated to latest security patches About a week and half ago, workstations started fail on login with "Incorrect Password" until restarted, sometimes several times after which no problem for maybe a few days. (not sure about this, just don't seem to get calls right the next day on the same PC.) Remote Desktop also behaves peculiarly when workstation is in this state -- a successful connection may actually get the user to a log in screen they can't get past. Normally Remote Desktop will drop the connection if the password fails. This looks like the connection to the machine is successful, but the windows session connection fails. If network cable is unplugged the PC logs in fine, using the locally cached password hash. Log level 255 for an affected PC doesn't look that promising. The only thing that looks suspicious are exchanges where there's some sort of authentication and the workstation presents its IP address as its name. Wireshark traffic of the failing login (decoded by use of a DC keytab) reveals a bunch of successful requests and responses. No glaring errors. Investigation reveals that dynamic DNS updates are not working. I reset allow dns update to 'nonsecure' -- no difference. Could this be the cause? Recent changes to the system: Upgrade to samba 4.19.2 from 4.19.1 raise domain/forest funtional level from 2003 to 2008_r2 (in preparation for Entra Cloud software. Better than AD Connect?) Windows service packs? Any ideas/pointers appreciated...
On 31.10.2023 21:45, Ray Klassen via samba wrote:> 4 DC's Samba version 4.19.2 compiled from tarball on Debian 12.2 (have > run this way always up to date tarballs for maybe 15 years. > Wkstations: Windows 10 up dated to latest security patches About a > week and half ago, workstations started fail on login with "Incorrect > Password" until restarted, sometimes several times after which no > problem for maybe a few days. (not sure about this, just don't seem to > get calls right the next day on the same PC.) Remote Desktop also > behaves peculiarly when workstation is in this state -- a successful > connection may actually get the user to a log in screen they can't get > past. Normally Remote Desktop will drop the connection if the password > fails. This looks like the connection to the machine is successful, > but the windows session connection fails. If network cable is > unplugged the PC logs in fine, using the locally cached password hash. > Log level 255 for an affected PC doesn't look that promising. The only > thing that looks suspicious are exchanges wh > ere there's some sort of authentication and the workstation presents > its IP address as its name. Wireshark traffic of the failing login > (decoded by use of a DC keytab) reveals a bunch of successful requests > and responses. No glaring errors. Investigation reveals that dynamic > DNS updates are not working. I reset allow dns update to 'nonsecure' > -- no difference. Could this be the cause? Recent changes to the > system: Upgrade to samba 4.19.2 from 4.19.1 raise domain/forest > funtional level from 2003 to 2008_r2 (in preparation for Entra Cloud > software. Better than AD Connect?) Windows service packs? Any > ideas/pointers appreciated...Hi Ray, Clock synchronization? If you have got ntpsec on the DCs, that wont work. Must use Chrony. Best regards, Peter
Possibly Parallel Threads
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. -- ERROR MESSAGE
- windows workstations needing reboot to validate passwords. --ADDENDUM