Enrico Morelli
2020-Apr-22 18:25 UTC
[Samba] Samba update cause windows incorrect password
On 22-04-2020 17:29, Rowland penny via samba wrote:
> On 22/04/2020 16:06, Enrico Morelli via samba wrote:
>> Dear,
>>
>> on my debian system I upgraded samba from 4.5.16 to 4.9.5. My samba
>> server is configured as domain controller.
>>
>> Now happens a strange thing. From a windows 10 client I'm able to login
>> with a domain user without problem. But if I logout and try to enter
>> the password for the same user, Windows tells me that the password is
>> incorrect.
>>
>> To be able to login, I've to select Other User, enter username and
>> password and all works fine. But if I logout and enter the same
>> password, Windows tells me "Incorrect password".
>>
>> In the samba log file I've only:
>>
>> ./source3/auth/auth_winbind.c:129(check_winbind_security)
>> check_winbind_security: pdb_enum_trusted_domains() failed -
>> NT_STATUS_NOT_IMPLEMENTED
>>
>> No other error messages:
>>
>> Follow some configuration from smb.conf:
>>
> Please do not do that, it doesn't help, please post the entire smb.conf
>
> Rowland

Ok.

[global]
    workgroup = DOMAIN
    server string = Samba Server Version %v
    netbios name = pdc
    hosts allow = 127. 192.168.100.
    name resolve order = lmhosts
    security = user
    passdb backend = tdbsam
    ntlm auth = yes
    lanman auth = no
    client ntlmv2 auth = yes
    client use spnego = no
    domain master = yes
    local master = yes
    domain logons = yes
    server max protocol = NT1
    #server max protocol = SMB3
    #server min protocol = SMB3
    browse list = yes
    # the login script name depends on the machine name
    ; logon script = %m.bat
    # the login script name depends on the unix user used
    logon script = logon.bat
    logon path = \\%L\Profiles\%U
    # disables profiles support by specifying an empty path
    logon drive = Z:
    ;logon path
    ; logon home
    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    delete user script = /usr/sbin/userdel "%u"
    delete user from group script = /usr/sbin/userdel "%u" "%g"
    delete group script = /usr/sbin/groupdel "%g"
    wins support = yes
    ; wins server = w.x.y.z
    wins proxy = yes
    dns proxy = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    hide dot files = yes
    nt acl support = no
    create mask = 0600
    directory mask = 0700
    ;valid users = %S
    ; valid users = MYDOMAIN\%S

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    browseable = no
    read only = yes
    guest ok = no
    writable = no

[Profiles.V6]
    path = /win_shares/profiles/%u.V6
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = no
    guest ok = no
    printable = no

--
-----------------------------------------------------------
Enrico Morelli
System Administrator | Programmer | Web Developer
CERM - Polo Scientifico
via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
On 22/04/2020 19:25, Enrico Morelli via samba wrote:
>> On 22/04/2020 16:06, Enrico Morelli via samba wrote:
>>> Dear,
>>>
>>> on my debian system I upgraded samba from 4.5.16 to 4.9.5. My samba
>>> server is configured as domain controller.
>>>
>>> Now happens a strange thing. From a windows 10 client I'm able to login
>>> with a domain user without problem. But if I logout and try to enter
>>> the password for the same user, Windows tells me that the password is
>>> incorrect.
>>>
>>> To be able to login, I've to select Other User, enter username and
>>> password and all works fine. But if I logout and enter the same
>>> password, Windows tells me "Incorrect password".
>>>

Apart from multiple default lines, there doesn't seem to be anything really wrong with your smb.conf, so it looks like this could be yet another reason to not use Windows 10 with an NT4-style PDC.

You could try raising the log level, add 'log level = 10' to the smb.conf and restart Samba, but beware, this will lead to a lot of output.

Rowland
Andrew Bartlett
2020-Apr-22 20:08 UTC
[Samba] Samba update cause windows incorrect password
On Wed, 2020-04-22 at 20:01 +0100, Rowland penny via samba wrote:
> On 22/04/2020 19:25, Enrico Morelli via samba wrote:
> > > On 22/04/2020 16:06, Enrico Morelli via samba wrote:
> > > > Dear,
> > > >
> > > > on my debian system I upgraded samba from 4.5.16 to 4.9.5. My samba
> > > > server is configured as domain controller.
> > > >
> > > > Now happens a strange thing. From a windows 10 client I'm able to login
> > > > with a domain user without problem. But if I logout and try to enter
> > > > the password for the same user, Windows tells me that the password is
> > > > incorrect.
> > > >
> > > > To be able to login, I've to select Other User, enter username and
> > > > password and all works fine. But if I logout and enter the same
> > > > password, Windows tells me "Incorrect password".
> > > >
>
> Apart from multiple default lines, there doesn't seem to be anything really
> wrong with your smb.conf, so it looks like this could be yet another
> reason to not use Windows 10 with an NT4-style PDC.
>
> You could try raising the log level, add 'log level = 10' to the
> smb.conf and restart Samba, but beware, this will lead to a lot of
> output.

Thanks Rowland. This is the right approach. Once we get that, we should be (even log level 5 would show it) able to work out what username form was being sent in both cases, and see if we can map between them.

Andrew Bartlett

--
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba
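
Added example, not part of the original thread and not Samba tooling: once the log level is raised as suggested above, a short script can extract the name form the client sent on each logon attempt and list the workstations that sent more than one form for the same account. The log lines are constructed, their shape is assumed to follow smbd's check_ntlm_password debug messages (adjust the pattern to the real log), and the function names are hypothetical.

```python
import re

# Constructed sample (not from the reporter's server). The line shape is an
# assumption modelled on smbd's check_ntlm_password debug messages.
SAMPLE_LOG = r"""
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[alice]@[WIN10-01] with the new password interface
  check_ntlm_password:  mapped user is: [DOMAIN]\[alice]@[WIN10-01]
  check_ntlm_password:  Checking password for unmapped user [PDC]\[alice]@[WIN10-01] with the new password interface
  check_ntlm_password:  mapped user is: [PDC]\[alice]@[WIN10-01]
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[bob]@[WIN10-02] with the new password interface
  check_ntlm_password:  mapped user is: [DOMAIN]\[bob]@[WIN10-02]
  check_ntlm_password:  Checking password for unmapped user [DOMAIN]\[bob]@[WIN10-02] with the new password interface
"""

LINE_RE = re.compile(
    r"check_ntlm_password:\s+"
    r"(?P<stage>Checking password for unmapped user|mapped user is:)\s+"
    r"\[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\]@\[(?P<ws>[^\]]*)\]"
)

def parse_attempts(text):
    """Return one dict per logged name: stage, domain, user, workstation."""
    out = []
    for m in LINE_RE.finditer(text):
        stage = "unmapped" if "unmapped" in m.group("stage") else "mapped"
        out.append({"stage": stage, "domain": m.group("domain"),
                    "user": m.group("user"), "workstation": m.group("ws")})
    return out

def forms_by_client(attempts, stage="unmapped"):
    """Distinct DOMAIN\\user forms per (workstation, account), in log order."""
    forms = {}
    for a in attempts:
        if a["stage"] != stage:
            continue
        # Key on the bare account so DOMAIN\alice and alice@REALM group together.
        key = (a["workstation"], a["user"].split("@")[0].lower())
        form = a["domain"] + "\\" + a["user"]
        if form not in forms.setdefault(key, []):
            forms[key].append(form)
    return forms

def inconsistent_clients(forms):
    """Clients whose successive logons sent more than one name form."""
    return {k: v for k, v in forms.items() if len(v) > 1}

if __name__ == "__main__":
    print(inconsistent_clients(forms_by_client(parse_attempts(SAMPLE_LOG))))
```

Passing `stage="mapped"` to `forms_by_client` runs the same comparison on the names after Samba's mapping step.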