karel.de.macil at free.fr
2020-Oct-01 18:06 UTC
[Samba] Failed auth attempt i don't understand.
On 01/10/2020 19:27, Rowland penny via samba wrote:
> On 01/10/2020 18:09, karel de macil via samba wrote:
>> Hi all,
>>
>> when i try to authenticate against my AD (rdesktop authentication) i
>> got a wrong password/logname message despite my logname and password
>> being exact , in the log i have the following .
>>
>> Nothing wrong for me.
>>
>> the only strange thing being the : stream_terminate_connection:
>> Terminating connection - 'kdc_tcp_call_loop:
>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' line
>> in particular the second one because just after things seems to
>> continue with the :
>>
>> Kerberos: TGS-REQ Administrator at LOCAL.MYDOMAIN from
>> ipv4:192.168.1.23:62418 for
>> host/vr083023.LOCAL.MYDOMAIN at LOCAL.MYDOMAIN [canonicalize, renewable,
>> forwardable]
>>
>> line.
>>
>> Can anyone with more knowledge than me have an eye on the log and tell
>> me if he see anything wrong ?
>>
>>
>>
>> Kerberos: AS-REQ administrator at LOCAL.MYDOMAIN from
>> ipv4:192.168.1.23:62416 for krbtgt/LOCAL.MYDOMAIN at LOCAL.MYDOMAIN
>
> Is this on a DC or a Unix domain member ?

this is a remote desktop attempt on a computer who is in the domain managed by the DC from which i get the log

> Why are you using Administrator on Unix ?

This is the default administrator account in samba4 but the behavior is the same with any account.

> Might help if we see your smb.conf

[global]
        netbios name = DC-TEST
        realm = LOCAL.MYDOMAIN
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
        workgroup = IETR
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 129.20.128.39
        allow dns updates = nonsecure
        dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
        restrict anonymous = 2
        printcap name = /dev/null
        load printers = no
        disable spoolss = yes
        printing = bsd
        log level = 6
        #auth_audit:10@/var/log/samba/log.auth_audit
        disable netbios = yes
        smb ports = 445
[netlogon]
        path = /var/lib/samba/sysvol/local.mydomain/scripts
        read only = No
        vfs objects = full_audit
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
        vfs objects = full_audit

> Rowland
On 01/10/2020 19:06, karel.de.macil at free.fr wrote:
> On 01/10/2020 19:27, Rowland penny via samba wrote:
>>
>> Is this on a DC or a Unix domain member ?
>
> this is a remote desktop attempt on a computer who is in the domain
> managed by the DC from which i get the log

I actually meant where the log came from.

>
>> Why are you using Administrator on Unix ?
>
> This is the default administrator account in samba4 but the behavior
> is the same with any account.

No, it is the default administrator in AD and as such, shouldn't be used as a normal user. Another question is, do you use the winbind 'ad' backend anywhere in your network and have you added a uidNumber to Administrator ?

>
>> Might help if we see your smb.conf
>
> [global]
>         netbios name = DC-TEST
>         realm = LOCAL.MYDOMAIN
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate, dns
>         workgroup = IETR
>         idmap_ldb:use rfc2307 = yes
>         dns forwarder = 129.20.128.39
>         allow dns updates = nonsecure
>         dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
>         restrict anonymous = 2
>         printcap name = /dev/null
>         load printers = no
>         disable spoolss = yes
>         printing = bsd
>         log level = 6
>         #auth_audit:10@/var/log/samba/log.auth_audit
>         disable netbios = yes
>         smb ports = 445
> [netlogon]
>         path = /var/lib/samba/sysvol/local.mydomain/scripts
>         read only = No
>         vfs objects = full_audit
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>         vfs objects = full_audit

By setting 'vfs objects = full_audit', you have turned off the default vfs objects, if you are going to set a vfs object on a DC, set it like this:

vfs objects = dfs_samba4 acl_xattr full_audit

Rowland
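Added example, not part of the original thread and not Samba project code: a small check for the override described in the reply above, reporting every section of a DC's smb.conf whose explicit 'vfs objects' list no longer contains dfs_samba4 and acl_xattr. The function names and the trimmed sample configuration are assumptions made for this illustration, and the parser handles only plain "name = value" lines (no includes, no line continuations).

```python
import re

# Modules the reply above says must stay in the list on a DC.
REQUIRED_DC_VFS = ("dfs_samba4", "acl_xattr")
DC_ROLE = "active directory domain controller"  # spelling used in the posted smb.conf


def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def missing_dc_vfs(text):
    """Map each section that sets 'vfs objects' to the DC modules it dropped."""
    conf = parse_smb_conf(text)
    if conf.get("global", {}).get("server role", "").lower() != DC_ROLE:
        return {}                                 # not a DC: the advice does not apply
    findings = {}
    for name, params in conf.items():
        if "vfs objects" not in params:
            continue                              # built-in default still in effect
        listed = [m for m in re.split(r"[,\s]+", params["vfs objects"]) if m]
        missing = [m for m in REQUIRED_DC_VFS if m not in listed]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample: the share sections from the thread, trimmed.
POSTED = """
[global]
        server role = active directory domain controller
[netlogon]
        path = /var/lib/samba/sysvol/local.mydomain/scripts
        vfs objects = full_audit
[sysvol]
        path = /var/lib/samba/sysvol
        vfs objects = full_audit
"""
FIXED = POSTED.replace("= full_audit", "= dfs_samba4 acl_xattr full_audit")

if __name__ == "__main__":
    print(missing_dc_vfs(POSTED))
    print(missing_dc_vfs(FIXED))
```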
karel.de.macil at free.fr
2020-Oct-01 19:47 UTC
[Samba] Failed auth attempt i don't understand.
On 01/10/2020 20:46, Rowland penny via samba wrote:
> On 01/10/2020 19:06, karel.de.macil at free.fr wrote:
>> On 01/10/2020 19:27, Rowland penny via samba wrote:
>>>
>>> Is this on a DC or a Unix domain member ?
>>
>> this is a remote desktop attempt on a computer who is in the domain
>> managed by the DC from which i get the log
> I actually meant where the log came from.

The log comes from the samba 4 DC of the domain.

>>
>>> Why are you using Administrator on Unix ?
>>
>> This is the default administrator account in samba4 but the behavior
>> is the same with any account.
>
> No, it is the default administrator in AD and as such, shouldn't be
> used as a normal user. Another question is, do you use the
> winbind 'ad' backend anywhere in your network and have you added a
> uidNumber to Administrator ?

for winbind, i'm not sure if i'm using it..

for the administrator and his uidNumber : and ldbsearch -H /root/sambackup/private/sam.ldb CN=administrator | grep uidNumber
--> uidNumber: 10001

>
>
>>
>>> Might help if we see your smb.conf
>>
>> [global]
>>         netbios name = DC-TEST
>>         realm = LOCAL.MYDOMAIN
>>         server role = active directory domain controller
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbind, ntp_signd, kcc, dnsupdate, dns
>>         workgroup = IETR
>>         idmap_ldb:use rfc2307 = yes
>>         dns forwarder = 129.20.128.39
>>         allow dns updates = nonsecure
>>         dns update command=/usr/sbin/samba_dnsupdate --use-samba-tool
>>         restrict anonymous = 2
>>         printcap name = /dev/null
>>         load printers = no
>>         disable spoolss = yes
>>         printing = bsd
>>         log level = 6
>>         #auth_audit:10@/var/log/samba/log.auth_audit
>>         disable netbios = yes
>>         smb ports = 445
>> [netlogon]
>>         path = /var/lib/samba/sysvol/local.mydomain/scripts
>>         read only = No
>>         vfs objects = full_audit
>> [sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>>         vfs objects = full_audit
>
> By setting 'vfs objects = full_audit', you have turned off the default
> vfs objects, if you are going to set a vfs object on a DC, set it like
> this: vfs objects = dfs_samba4 acl_xattr full_audit
>
> Rowland

ok i'm going to try to change the conf file accordingly.