On 24/04/2020 14:02, Enrico Morelli wrote:> On Fri, 24 Apr 2020 13:15:57 +0100 > Rowland penny via samba <samba at lists.samba.org> wrote: > >> On 24/04/2020 12:32, Enrico Morelli via samba wrote: >>> On Fri, 24 Apr 2020 11:59:23 +0100 >>> Rowland penny via samba <samba at lists.samba.org> wrote: >>> >>>> On 24/04/2020 11:38, Enrico Morelli via samba wrote: >>>>> On Thu, 23 Apr 2020 08:08:39 +1200 >>>>> Andrew Bartlett via samba <samba at lists.samba.org> wrote: >>>>> >>>>>> On Wed, 2020-04-22 at 20:01 +0100, Rowland penny via samba >>>>>> wrote: >>>>>>> On 22/04/2020 19:25, Enrico Morelli via samba wrote: >>>>>>>>> On 22/04/2020 16:06, Enrico Morelli via samba wrote: >>>>>>>>>> Dear, >>>>>>>>>> >>>>>>>>>> on my debian system I upgraded samba from 4.5.16 to 4.9.5. My >>>>>>>>>> samba >>>>>>>>>> server is configured as domain controller. >>>>>>>>>> >>>>>>>>>> Now happens a strange thing. From a windows 10 client I'm >>>>>>>>>> able to login >>>>>>>>>> with a domain user without problem. But if I logout and try >>>>>>>>>> to enter >>>>>>>>>> the password for the same user, Windows tells me that the >>>>>>>>>> password is >>>>>>>>>> incorrect. >>>>>>>>>> >>>>>>>>>> To be able to loing, I've to select Other User, enter >>>>>>>>>> username and >>>>>>>>>> password and all works fine. But if I logout and enter the >>>>>>>>>> same password, Windows tells me "Incorrect password". >>>>>>>>>> >>>>>>> Apart from multiple default lines, there doesn't seem to >>>>>>> anything really >>>>>>> wrong with your smb.conf, so it looks like this could be yet >>>>>>> another reason to not use Windows 10 with an NT4-style PDC. >>>>>>> >>>>>>> You could try raising the log level, add 'log level = 10' to the >>>>>>> smb.conf and restart Samba, but beware, this will lead to a lot >>>>>>> of output. >>>>>> Thanks Rowland. This is the right approach. Once we get that, >>>>>> we should be (even log level 5 would show it) able to work out >>>>>> what username form was being sent in both cases, and see if we >>>>>> can map between them. >>>>>> >>>>>> Andrew Bartlett >>>>>> >>>>> I'd set the loglevel to 5 and happens a strange thing: >>>>> >>>>> SAM Logon (Interactive). Domain:[CERMDOMAIN]. >>>>> User:[visitor2 at STUDENTI2] Requested Domain:[DOMAIN] >>>>> [2020/04/24 12:04:50.144675, >>>>> 5] ../source3/rpc_server/netlogon/srv_netlog_nt.c:1628(_netr_LogonSamLogon_base) >>>>> Attempting validation level 3 for unmapped username visitor2. >>>>> [2020/04/24 12:04:50.144698, >>>>> 5] ../source3/auth/auth.c:412(load_auth_module) load_auth_module: >>>>> Attempting to find an auth method to match sam_netlogon3 >>>>> [2020/04/24 12:04:50.144715, >>>>> 5] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: >>>>> auth method sam_netlogon3 has a valid init [2020/04/24 >>>>> 12:04:50.144729, 5] ../source3/auth/auth.c:412(load_auth_module) >>>>> load_auth_module: Attempting to find an auth method to match >>>>> winbind [2020/04/24 12:04:50.144743, >>>>> 5] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: >>>>> auth method winbind has a valid init [2020/04/24 12:04:50.144894, >>>>> 5] ../source3/auth/auth_util.c:122(make_user_info_map) Mapping >>>>> user [DOMAIN]\[visitor2] from workstation [STUDENTI2] [2020/04/24 >>>>> 12:04:50.144910, >>>>> 5] ../source3/auth/user_info.c:64(make_user_info) attempting to >>>>> make a user_info for visitor2 (visitor2) [2020/04/24 >>>>> 12:04:50.144962, >>>>> 3] ../source3/auth/auth.c:189(auth_check_ntlm_password) >>>>> check_ntlm_password: Checking password for unmapped user >>>>> [DOMAIN]\[visitor2]@[STUDENTI2] with the new password interface >>>>> [2020/04/24 12:04:50.144978, >>>>> 3] ../source3/auth/auth.c:192(auth_check_ntlm_password) >>>>> check_ntlm_password: mapped user is: >>>>> [DOMAIN]\[visitor2]@[STUDENTI2] [2020/04/24 12:04:50.145020, >>>>> 5] ../source3/auth/auth_sam.c:162(auth_sam_netlogon3_auth) >>>>> auth_sam_netlogon3_auth: DOMAIN is not our domain name (DC for >>>>> CERMDOMAIN) 2020/04/24 12:04:50.145228, >>>>> 5] ../source3/auth/auth.c:251(auth_check_ntlm_password) >>>>> auth_check_ntlm_password: winbind authentication for user >>>>> [visitor2] FAILED with error NT_STATUS_NO_SUCH_USER, >>>>> authoritative=0 [2020/04/24 12:04:50.145246, >>>>> 2] ../source3/auth/auth.c:334(auth_check_ntlm_password) >>>>> check_ntlm_password: Authentication for user [visitor2] -> >>>>> [visitor2] FAILED with error NT_STATUS_NO_SUCH_USER, >>>>> authoritative=0 [2020/04/24 12:04:50.145276, >>>>> 2] ../auth/auth_log.c:610(log_authentication_event_human_readable) >>>>> Auth: [SamLogon,(null)] user [DOMAIN]\[visitor2] at [Fri, 24 Apr >>>>> 2020 12:04:50.145263 CEST] with [Supplied-NT-Hash] status >>>>> [NT_STATUS_NO_SUCH_USER] workstation [STUDENTI2] remote host >>>>> [ipv4:192.168.100.12:51475] mapped to [DOMAIN]\[visitor2]. local >>>>> host [ipv4:192.168.100.27:445] >>>>> >>>>> >>>>> Seems like the studenti2 PC is in a wrong domain, but I checked >>>>> that and it is on the correct CERMDOMAIN domain. >>>>> In the past we had an old samba server that served as DC for >>>>> DOMAIN domain. But now, all the machine are configured to use the >>>>> new domain and before the update all worked fine. >>>>> >>>>> I'm very confused because this is the behavior of all the windows >>>>> 10 machines in the domain. >>>>> >>>>> I also tried to remove the studenti2 machine from the domain and >>>>> put it again without any result. >>>>> >>>> Problem is that you posted this in your smb.conf: >>>> >>>> ??? workgroup = DOMAIN >>>> >>>> Is the 'DOMAIN' actually 'CERMDOMAIN' ? or is it something else ? >>>> >>>> Rowland >>> The actual domain is CERMDOMAIN. Sorry. >> OK, at the top of your log fragment is this: >> >> SAM Logon (Interactive). Domain:[CERMDOMAIN]. >> User:[visitor2 at STUDENTI2] Requested Domain:[DOMAIN] >> >> So, your actual Domain is 'CERMDOMAIN', but the Win 10 machine seems >> to be sending 'DOMAIN', which isn't 'CERMDOMAIN', is this correct ? >> >> If it is, then the problem seems to be a Windows one, it doesn't look >> like it is sending the correct data. Do you recognise what 'DOMAIN' >> is ? Is it the dns domain ? or the name of the computer ? >> >> Rowland >> > Really I don't know. It isn't a dns domain not the computer name (it's > studenti2). DOMAIN is the domain I used before CERMDOMAIN, but I hadn't > problem before the update. Really I don't understand, because as I > wrote, if I login the user after a reboot I'm able to enter, but if I > logout the user and try to re-enter I receive Incorrect password. So > I've to enter as Other user and with the same username and password > I'm able to enter. I'm going crazy. > >How are logging in to Windows 10 ? Is it 'CERMDOMAIN\username' or 'username' ? Rowland
Enrico Morelli
2020-Apr-24 13:55 UTC
[Samba] Samba update cause windows incorrect password
On Fri, 24 Apr 2020 14:26:36 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 24/04/2020 14:02, Enrico Morelli wrote: > > On Fri, 24 Apr 2020 13:15:57 +0100 > > Rowland penny via samba <samba at lists.samba.org> wrote: > > > >> On 24/04/2020 12:32, Enrico Morelli via samba wrote: > >>> On Fri, 24 Apr 2020 11:59:23 +0100 > >>> Rowland penny via samba <samba at lists.samba.org> wrote: > >>> > >>>> On 24/04/2020 11:38, Enrico Morelli via samba wrote: > >>>>> On Thu, 23 Apr 2020 08:08:39 +1200 > >>>>> Andrew Bartlett via samba <samba at lists.samba.org> wrote: > >>>>> > >>>>>> On Wed, 2020-04-22 at 20:01 +0100, Rowland penny via samba > >>>>>> wrote: > >>>>>>> On 22/04/2020 19:25, Enrico Morelli via samba wrote: > >>>>>>>>> On 22/04/2020 16:06, Enrico Morelli via samba wrote: > >>>>>>>>>> Dear, > >>>>>>>>>> > >>>>>>>>>> on my debian system I upgraded samba from 4.5.16 to 4.9.5. > >>>>>>>>>> My samba > >>>>>>>>>> server is configured as domain controller. > >>>>>>>>>> > >>>>>>>>>> Now happens a strange thing. From a windows 10 client I'm > >>>>>>>>>> able to login > >>>>>>>>>> with a domain user without problem. But if I logout and try > >>>>>>>>>> to enter > >>>>>>>>>> the password for the same user, Windows tells me that the > >>>>>>>>>> password is > >>>>>>>>>> incorrect. > >>>>>>>>>> > >>>>>>>>>> To be able to loing, I've to select Other User, enter > >>>>>>>>>> username and > >>>>>>>>>> password and all works fine. But if I logout and enter the > >>>>>>>>>> same password, Windows tells me "Incorrect password". > >>>>>>>>>> > >>>>>>> Apart from multiple default lines, there doesn't seem to > >>>>>>> anything really > >>>>>>> wrong with your smb.conf, so it looks like this could be yet > >>>>>>> another reason to not use Windows 10 with an NT4-style PDC. > >>>>>>> > >>>>>>> You could try raising the log level, add 'log level = 10' to > >>>>>>> the smb.conf and restart Samba, but beware, this will lead to > >>>>>>> a lot of output. > >>>>>> Thanks Rowland. This is the right approach. Once we get that, > >>>>>> we should be (even log level 5 would show it) able to work out > >>>>>> what username form was being sent in both cases, and see if we > >>>>>> can map between them. > >>>>>> > >>>>>> Andrew Bartlett > >>>>>> > >>>>> I'd set the loglevel to 5 and happens a strange thing: > >>>>> > >>>>> SAM Logon (Interactive). Domain:[CERMDOMAIN]. > >>>>> User:[visitor2 at STUDENTI2] Requested Domain:[DOMAIN] > >>>>> [2020/04/24 12:04:50.144675, > >>>>> 5] ../source3/rpc_server/netlogon/srv_netlog_nt.c:1628(_netr_LogonSamLogon_base) > >>>>> Attempting validation level 3 for unmapped username visitor2. > >>>>> [2020/04/24 12:04:50.144698, > >>>>> 5] ../source3/auth/auth.c:412(load_auth_module) > >>>>> load_auth_module: Attempting to find an auth method to match > >>>>> sam_netlogon3 [2020/04/24 12:04:50.144715, > >>>>> 5] ../source3/auth/auth.c:437(load_auth_module) > >>>>> load_auth_module: auth method sam_netlogon3 has a valid init > >>>>> [2020/04/24 12:04:50.144729, > >>>>> 5] ../source3/auth/auth.c:412(load_auth_module) > >>>>> load_auth_module: Attempting to find an auth method to match > >>>>> winbind [2020/04/24 12:04:50.144743, > >>>>> 5] ../source3/auth/auth.c:437(load_auth_module) > >>>>> load_auth_module: auth method winbind has a valid init > >>>>> [2020/04/24 12:04:50.144894, > >>>>> 5] ../source3/auth/auth_util.c:122(make_user_info_map) Mapping > >>>>> user [DOMAIN]\[visitor2] from workstation [STUDENTI2] > >>>>> [2020/04/24 12:04:50.144910, > >>>>> 5] ../source3/auth/user_info.c:64(make_user_info) attempting to > >>>>> make a user_info for visitor2 (visitor2) [2020/04/24 > >>>>> 12:04:50.144962, > >>>>> 3] ../source3/auth/auth.c:189(auth_check_ntlm_password) > >>>>> check_ntlm_password: Checking password for unmapped user > >>>>> [DOMAIN]\[visitor2]@[STUDENTI2] with the new password interface > >>>>> [2020/04/24 12:04:50.144978, > >>>>> 3] ../source3/auth/auth.c:192(auth_check_ntlm_password) > >>>>> check_ntlm_password: mapped user is: > >>>>> [DOMAIN]\[visitor2]@[STUDENTI2] [2020/04/24 12:04:50.145020, > >>>>> 5] ../source3/auth/auth_sam.c:162(auth_sam_netlogon3_auth) > >>>>> auth_sam_netlogon3_auth: DOMAIN is not our domain name (DC for > >>>>> CERMDOMAIN) 2020/04/24 12:04:50.145228, > >>>>> 5] ../source3/auth/auth.c:251(auth_check_ntlm_password) > >>>>> auth_check_ntlm_password: winbind authentication for user > >>>>> [visitor2] FAILED with error NT_STATUS_NO_SUCH_USER, > >>>>> authoritative=0 [2020/04/24 12:04:50.145246, > >>>>> 2] ../source3/auth/auth.c:334(auth_check_ntlm_password) > >>>>> check_ntlm_password: Authentication for user [visitor2] -> > >>>>> [visitor2] FAILED with error NT_STATUS_NO_SUCH_USER, > >>>>> authoritative=0 [2020/04/24 12:04:50.145276, > >>>>> 2] ../auth/auth_log.c:610(log_authentication_event_human_readable) > >>>>> Auth: [SamLogon,(null)] user [DOMAIN]\[visitor2] at [Fri, 24 > >>>>> Apr 2020 12:04:50.145263 CEST] with [Supplied-NT-Hash] status > >>>>> [NT_STATUS_NO_SUCH_USER] workstation [STUDENTI2] remote host > >>>>> [ipv4:192.168.100.12:51475] mapped to [DOMAIN]\[visitor2]. > >>>>> local host [ipv4:192.168.100.27:445] > >>>>> > >>>>> > >>>>> Seems like the studenti2 PC is in a wrong domain, but I checked > >>>>> that and it is on the correct CERMDOMAIN domain. > >>>>> In the past we had an old samba server that served as DC for > >>>>> DOMAIN domain. But now, all the machine are configured to use > >>>>> the new domain and before the update all worked fine. > >>>>> > >>>>> I'm very confused because this is the behavior of all the > >>>>> windows 10 machines in the domain. > >>>>> > >>>>> I also tried to remove the studenti2 machine from the domain and > >>>>> put it again without any result. > >>>>> > >>>> Problem is that you posted this in your smb.conf: > >>>> > >>>> ??? workgroup = DOMAIN > >>>> > >>>> Is the 'DOMAIN' actually 'CERMDOMAIN' ? or is it something else ? > >>>> > >>>> Rowland > >>> The actual domain is CERMDOMAIN. Sorry. > >> OK, at the top of your log fragment is this: > >> > >> SAM Logon (Interactive). Domain:[CERMDOMAIN]. > >> User:[visitor2 at STUDENTI2] Requested Domain:[DOMAIN] > >> > >> So, your actual Domain is 'CERMDOMAIN', but the Win 10 machine > >> seems to be sending 'DOMAIN', which isn't 'CERMDOMAIN', is this > >> correct ? > >> > >> If it is, then the problem seems to be a Windows one, it doesn't > >> look like it is sending the correct data. Do you recognise what > >> 'DOMAIN' is ? Is it the dns domain ? or the name of the computer ? > >> > >> Rowland > >> > > Really I don't know. It isn't a dns domain not the computer name > > (it's studenti2). DOMAIN is the domain I used before CERMDOMAIN, > > but I hadn't problem before the update. Really I don't understand, > > because as I wrote, if I login the user after a reboot I'm able to > > enter, but if I logout the user and try to re-enter I receive > > Incorrect password. So I've to enter as Other user and with the > > same username and password I'm able to enter. I'm going crazy. > > > > > How are logging in to Windows 10 ? > > Is it 'CERMDOMAIN\username' or 'username' ? > > Rowland > > >I shared some pictures. This is the login page, as you see the domain seems to be correct https://drive.google.com/open?id=1cA-9Y90mbXpU8p7_T28WsV4fcLbqa7-J After entered username and password, I'm able to login: https://drive.google.com/open?id=1cABgFwpmQ3X79Ju0DtsmLKcp8n403h7W I check the domain of the computer and seems to be ok: https://drive.google.com/open?id=1boRTqeUa_09EZ9qeyot7wObFkrNpMCTJ I logout the user or lock the screen and try to re-enter: https://drive.google.com/open?id=1bxk-YUqUw9euPs3KXJgTAya3LAIsdUUB Enter the password and et voil? the error: https://drive.google.com/open?id=1bx9xOoZ3zOWkSR73ZNcxsbOz_SVc7vPz -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------
On 24/04/2020 14:55, Enrico Morelli via samba wrote:> I shared some pictures. > This is the login page, as you see the domain seems to be correctVery strange, is SMBv1 enabled on the Win 10 computer ? It does look like the Win 10 computer is sending the old domain/workgroup name, but your pictures show that the user is logging into the 'CERMDOMAIN', so somewhere along the line it is finding the old domain. Rowland