thr3ads.net - samba - [Samba] Problem after update version 4.15.0 [Sep 2021]

If this information is useful, please help other people find it:
Share via:

rme at bluemail.ch

2021-Sep-28 21:24 UTC

[Samba] Problem after update version 4.15.0

> my last version 4.14.7
I actually have the same problem upgrading from 4.14.7.

In fact I found it's not happening to all workstations and seems to be 
limited to workstation accounts only. On affected workstations no login 
is possible. However connecting to shares using a local user account on 
this workstation is working just fine. Just no domain user login is 
possible while the workstation reporting invalid password.

I can also migrate back to 4.17.7 binaries and I am able to log on to 
the workstation again.

Somehow it does not affect workstations recently joined to the domain 
but seems to affect only workstations joined to the domain since a long 
time. Actually one workstation I am able to reproduce the issue is 
joined since 2016.
Re-joining the workstation might fix the issue but is not really an 
option I want to follow.

Also resetting the computer account did not change anything.

I also compared "samba-tool computer show" of a working and one 
non-working machine and can't find any differences other than timestamps.

Also tried different protocols (limiting to SMB2 and also disabling 
signing on client and server side) without success.


Logs:

[2021/09/28 23:12:11.479107,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm)
   make_auth3_context_for_ntlm: Making default auth method list for 
server role = 'active directory domain controller'
[2021/09/28 23:12:11.479171,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend anonymous
[2021/09/28 23:12:11.479199,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'anonymous'
[2021/09/28 23:12:11.479217,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend sam
[2021/09/28 23:12:11.479232,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'sam'
[2021/09/28 23:12:11.479247,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend sam_ignoredomain
[2021/09/28 23:12:11.479263,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'sam_ignoredomain'
[2021/09/28 23:12:11.479278,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend sam_netlogon3
[2021/09/28 23:12:11.479307,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'sam_netlogon3'
[2021/09/28 23:12:11.479324,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend winbind
[2021/09/28 23:12:11.479339,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'winbind'
[2021/09/28 23:12:11.479354,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend unix
[2021/09/28 23:12:11.479370,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'unix'
[2021/09/28 23:12:11.479395,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:52(smb_register_auth)
   Attempting to register auth backend samba4
[2021/09/28 23:12:11.479411,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:64(smb_register_auth)
   Successfully added auth method 'samba4'
[2021/09/28 23:12:11.479426,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:426(load_auth_module)
   load_auth_module: Attempting to find an auth method to match samba4
[2021/09/28 23:12:11.482777,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'gssapi_spnego' registered
[2021/09/28 23:12:11.482852,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'gssapi_krb5' registered
[2021/09/28 23:12:11.482870,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'gssapi_krb5_sasl' registered
[2021/09/28 23:12:11.482913,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'spnego' registered
[2021/09/28 23:12:11.482931,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'schannel' registered
[2021/09/28 23:12:11.482948,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'naclrpc_as_system' registered
[2021/09/28 23:12:11.482974,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'sasl-EXTERNAL' registered
[2021/09/28 23:12:11.482992,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'ntlmssp' registered
[2021/09/28 23:12:11.483009,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'ntlmssp_resume_ccache' registered
[2021/09/28 23:12:11.483027,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'http_basic' registered
[2021/09/28 23:12:11.483045,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'http_ntlm' registered
[2021/09/28 23:12:11.483062,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'http_negotiate' registered
[2021/09/28 23:12:11.483079,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'krb5' registered
[2021/09/28 23:12:11.483096,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:1082(gensec_register)
   GENSEC backend 'fake_gssapi_krb5' registered
[2021/09/28 23:12:11.483115,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:451(load_auth_module)
   load_auth_module: auth method samba4 has a valid init
[2021/09/28 23:12:11.489069,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register)
   AUTH backend 'sam' registered
[2021/09/28 23:12:11.489126,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register)
   AUTH backend 'sam_ignoredomain' registered
[2021/09/28 23:12:11.489144,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register)
   AUTH backend 'anonymous' registered
[2021/09/28 23:12:11.489161,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register)
   AUTH backend 'winbind' registered
[2021/09/28 23:12:11.489177,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:831(auth_register)
   AUTH backend 'name_to_ntstatus' registered
[2021/09/28 23:12:11.493050,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech)
   Starting GENSEC mechanism spnego
[2021/09/28 23:12:11.493498,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech)
   Starting GENSEC submechanism gssapi_krb5
[2021/09/28 23:12:11.494307, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
   gensec_update_send: spnego[0x5588bd35f470]: subreq: 0x5588bded6b80
[2021/09/28 23:12:11.494371, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done)
   gensec_update_done: spnego[0x5588bd35f470]: 
NT_STATUS_MORE_PROCESSING_REQUIRED 
tevent_req[0x5588bded6b80/../../auth/gensec/spnego.c:1631]: state[2] 
error[0 (0x0)]  state[struct gensec_spnego_update_state 
(0x5588bded6d40)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
[2021/09/28 23:12:11.506170,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:564(make_auth3_context_for_ntlm)
   make_auth3_context_for_ntlm: Making default auth method list for 
server role = 'active directory domain controller'
[2021/09/28 23:12:11.506261,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:426(load_auth_module)
   load_auth_module: Attempting to find an auth method to match samba4
[2021/09/28 23:12:11.506281,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source3/auth/auth.c:451(load_auth_module)
   load_auth_module: auth method samba4 has a valid init
[2021/09/28 23:12:11.510859,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech)
   Starting GENSEC mechanism spnego
[2021/09/28 23:12:11.511280,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec_start.c:843(gensec_start_mech)
   Starting GENSEC submechanism ntlmssp
[2021/09/28 23:12:11.511347,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xe2088297
     NTLMSSP_NEGOTIATE_UNICODE
     NTLMSSP_NEGOTIATE_OEM
     NTLMSSP_REQUEST_TARGET
     NTLMSSP_NEGOTIATE_SIGN
     NTLMSSP_NEGOTIATE_LM_KEY
     NTLMSSP_NEGOTIATE_NTLM
     NTLMSSP_NEGOTIATE_ALWAYS_SIGN
     NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
     NTLMSSP_NEGOTIATE_VERSION
     NTLMSSP_NEGOTIATE_128
     NTLMSSP_NEGOTIATE_KEY_EXCH
     NTLMSSP_NEGOTIATE_56
[2021/09/28 23:12:11.511416, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:83(auth_get_challenge)
   auth_get_challenge: challenge set by random
[2021/09/28 23:12:11.511589, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
   gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940
[2021/09/28 23:12:11.511613, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
   gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0
[2021/09/28 23:12:11.511720, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done)
   gensec_update_done: ntlmssp[0x5588bd3fbcf0]: 
NT_STATUS_MORE_PROCESSING_REQUIRED 
tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[2] 
error[0 (0x0)]  state[struct gensec_ntlmssp_update_state 
(0x5588be057b00)] timer[(nil)] finish[../../auth/ntlmssp/ntlmssp.c:215]
[2021/09/28 23:12:11.511766, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:547(gensec_update_done)
   gensec_update_done: spnego[0x5588bd7b6470]: 
NT_STATUS_MORE_PROCESSING_REQUIRED 
tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[2] 
error[0 (0x0)]  state[struct gensec_spnego_update_state 
(0x5588bd81f770)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
[2021/09/28 23:12:11.514648,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth)
   Got user=[CYB64W10-TEST$] domain=[CYBERDYNE] 
workstation=[CYB64W10-TEST] len1=24 len2=340
[2021/09/28 23:12:11.514750, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/ntlmssp/ntlmssp_server.c:544(ntlmssp_server_preauth)
[2021/09/28 23:12:11.514766,  1] ../../librpc/ndr/ndr.c:435(ndr_print_debug)
        &v2_resp: struct NTLMv2_RESPONSE
           Response                 : 1edb5b9741c49d2c7f9de26c6edc5de1
           Challenge: struct NTLMv2_CLIENT_CHALLENGE
               RespType                 : 0x01 (1)
               HiRespType               : 0x01 (1)
               Reserved1                : 0x0000 (0)
               Reserved2                : 0x00000000 (0)
               TimeStamp                : Tue Sep 28 11:12:12 PM 2021 CEST
               ChallengeFromClient      : b5ba50318f977163
               Reserved3                : 0x00000000 (0)
               AvPairs: struct AV_PAIR_LIST
                   count                    : 0x0000000a (10)
                   pair: ARRAY(10)
                       pair: struct AV_PAIR
                           AvId                     : MsvAvNbDomainName 
(0x2)
                           AvLen                    : 0x0012 (18)
                           Value                    : union 
ntlmssp_AvValue(case 0x2)
                           AvNbDomainName           : 'CYBERDYNE'
                       pair: struct AV_PAIR
                           AvId                     : 
MsvAvNbComputerName (0x1)
                           AvLen                    : 0x000c (12)
                           Value                    : union 
ntlmssp_AvValue(case 0x1)
                           AvNbComputerName         : 'SKYNET'
                       pair: struct AV_PAIR
                           AvId                     : MsvAvDnsDomainName 
(0x4)
                           AvLen                    : 0x0024 (36)
                           Value                    : union 
ntlmssp_AvValue(case 0x4)
                           AvDnsDomainName          :
'ad.cyberdyne.local'
                       pair: struct AV_PAIR
                           AvId                     : 
MsvAvDnsComputerName (0x3)
                           AvLen                    : 0x0032 (50)
                           Value                    : union 
ntlmssp_AvValue(case 0x3)
                           AvDnsComputerName        : 
'skynet.ad.cyberdyne.local'
                       pair: struct AV_PAIR
                           AvId                     : MsvAvTimestamp (0x7)
                           AvLen                    : 0x0008 (8)
                           Value                    : union 
ntlmssp_AvValue(case 0x7)
                           AvTimestamp              : Tue Sep 28 
11:12:12 PM 2021 CEST
                       pair: struct AV_PAIR
                           AvId                     : MsvAvFlags (0x6)
                           AvLen                    : 0x0004 (4)
                           Value                    : union 
ntlmssp_AvValue(case 0x6)
                           AvFlags                  : 0x00000002 (2)
                                  0: NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT
                                  1: 
NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE
                                  0: 
NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE
                       pair: struct AV_PAIR
                           AvId                     : MsvAvSingleHost (0x8)
                           AvLen                    : 0x0030 (48)
                           Value                    : union 
ntlmssp_AvValue(case 0x8)
                           AvSingleHost: struct ntlmssp_SingleHostData
                               Size                     : 0x00000030 (48)
                               Z4                       : 0x00000000 (0)
                               token_info: struct LSAP_TOKEN_INFO_INTEGRITY
                                   Flags                    : 0x00000000 (0)
                                   TokenIL                  : 0x00004000 
(16384)
                                   MachineId                : 
ee332d1498ee205bbe0b10ef6d13c44c4cfdd979ff677d416e7b400cdcdb4503
                               remaining                : DATA_BLOB length=0
                       pair: struct AV_PAIR
                           AvId                     : MsvChannelBindings 
(0xA)
                           AvLen                    : 0x0010 (16)
                           Value                    : union 
ntlmssp_AvValue(case 0xA)
                           ChannelBindings          : 
00000000000000000000000000000000
                       pair: struct AV_PAIR
                           AvId                     : MsvAvTargetName (0x9)
                           AvLen                    : 0x003c (60)
                           Value                    : union 
ntlmssp_AvValue(case 0x9)
                           AvTargetName             : 
'cifs/skynet.ad.cyberdyne.local'
                       pair: struct AV_PAIR
                           AvId                     : MsvAvEOL (0x0)
                           AvLen                    : 0x0000 (0)
                           Value                    : union 
ntlmssp_AvValue(case 0x0)
[2021/09/28 23:12:11.515308,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:241(auth_check_password_send)
   auth_check_password_send: Checking password for unmapped user 
[CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST]
   auth_check_password_send: user is: 
[CYBERDYNE]\[CYB64W10-TEST$]@[CYB64W10-TEST]
[2021/09/28 23:12:11.515348,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge)
   auth_get_challenge: returning previous challenge by module random 
(normal)
[2021/09/28 23:12:11.515365, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:310(auth_check_password_send)
   auth_check_password_send: auth_context challenge created by random
[2021/09/28 23:12:11.515380, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:315(auth_check_password_send)
   auth_check_password_send: challenge is:
[2021/09/28 23:12:11.518330, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
   gensec_update_send: ntlmssp[0x5588bd3fbcf0]: subreq: 0x5588be057940
[2021/09/28 23:12:11.518402, 10, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:455(gensec_update_send)
   gensec_update_send: spnego[0x5588bd7b6470]: subreq: 0x5588bd81f5b0
[2021/09/28 23:12:11.518489,  2, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../source4/auth/ntlm/auth.c:437(auth_check_password_recv)
   auth_check_password_recv: sam authentication for user 
[CYBERDYNE\CYB64W10-TEST$] FAILED with error NT_STATUS_WRONG_PASSWORD, 
authoritative=1
[2021/09/28 23:12:11.518557,  2] 
../../auth/auth_log.c:635(log_authentication_event_human_readable)
   Auth: [SMB2,NTLMSSP] user [CYBERDYNE]\[CYB64W10-TEST$] at [Tue, 28 
Sep 2021 23:12:11.518538 CEST] with [NTLMv2] status 
[NT_STATUS_WRONG_PASSWORD] workstation [CYB64W10-TEST] remote host 
[ipv4:10.0.1.137:50082] mapped to [CYBERDYNE]\[CYB64W10-TEST$]. local 
host [ipv4:10.0.2.6:445]
   {"timestamp": "2021-09-28T23:12:11.518668+0200",
"type":
"Authentication", "Authentication": {"version":
{"major": 1, "minor":
2}, "eventId": 4625, "logonId": "0",
"logonType": 3, "status":
"NT_STATUS_WRONG_PASSWORD", "localAddress":
"ipv4:10.0.2.6:445",
"remoteAddress": "ipv4:10.0.1.137:50082",
"serviceDescription": "SMB2",
"authDescription": "NTLMSSP", "clientDomain":
"CYBERDYNE",
"clientAccount": "CYB64W10-TEST$", "workstation":
"CYB64W10-TEST",
"becameAccount": null, "becameDomain": null,
"becameSid": null,
"mappedAccount": "CYB64W10-TEST$", "mappedDomain":
"CYBERDYNE",
"netlogonComputer": null, "netlogonTrustAccount": null, 
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null, "passwordType":
"NTLMv2", "duration":
10774}}
[2021/09/28 23:12:11.518770,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] 
../../auth/ntlmssp/ntlmssp_server.c:813(ntlmssp_server_auth_done)
   ntlmssp_server_auth_done: Checking NTLMSSP password for 
CYBERDYNE\CYB64W10-TEST$ failed: NT_STATUS_WRONG_PASSWORD
[2021/09/28 23:12:11.518799,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done)
   gensec_update_done: ntlmssp[0x5588bd3fbcf0]: NT_STATUS_WRONG_PASSWORD 
tevent_req[0x5588be057940/../../auth/ntlmssp/ntlmssp.c:180]: state[3] 
error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct 
gensec_ntlmssp_update_state (0x5588be057b00)] timer[(nil)] 
finish[../../auth/ntlmssp/ntlmssp.c:239]
[2021/09/28 23:12:11.518822,  3, pid=26638, effective(0, 0), real(0, 0), 
class=auth] 
../../auth/gensec/spnego.c:1443(gensec_spnego_server_negTokenTarg_step)
   gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: 
NT_STATUS_WRONG_PASSWORD
[2021/09/28 23:12:11.518846,  5, pid=26638, effective(0, 0), real(0, 0), 
class=auth] ../../auth/gensec/gensec.c:534(gensec_update_done)
   gensec_update_done: spnego[0x5588bd7b6470]: NT_STATUS_WRONG_PASSWORD 
tevent_req[0x5588bd81f5b0/../../auth/gensec/spnego.c:1631]: state[3] 
error[-7963671676338569110 (0x917B5ACDC000006A)]  state[struct 
gensec_spnego_update_state (0x5588bd81f770)] timer[(nil)] 
finish[../../auth/gensec/spnego.c:2039]On 28.09.2021 23:10, 
samba-bounces at lists.samba.org wrote:


best regards,
Rainer

Andrew Bartlett

2021-Sep-30 09:25 UTC

head link

[Samba] Problem after update version 4.15.0

On Tue, 2021-09-28 at 23:24 +0200, Rainer Meier via samba
wrote:> I actually have the same problem upgrading from 4.14.7.
> 
> 
> 
> In fact I found it's not happening to all workstations and seems to
> be 
> 
> limited to workstation accounts only. On affected workstations no
> login 
> 
> is possible. However connecting to shares using a local user account
> on 
> 
> this workstation is working just fine. Just no domain user login is 
> 
> possible while the workstation reporting invalid password.
> 
> 
> 
> I can also migrate back to 4.17.7 binaries and I am able to log on
> to 
> 
> the workstation again.
This is really useful info.  If you are able to do a git bisect between
the versions we might be able to work out what is going on here.

This is NTLMSSP, so supported encryption types etc (which are a
Kerberos thing) won't be it.  

This is strange, as we haven't changed much in this area intentionally,
at least that I can recall.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

Łukasz Michalski

2021-Oct-20 07:59 UTC

head link

[Samba] Problem after update version 4.15.0

On 9/28/21 23:24, Rainer Meier via samba wrote:> Somehow it does not affect workstations recently joined to the domain 
> but seems to affect only workstations joined to the domain since a 
> long time. Actually one workstation I am able to reproduce the issue 
> is joined since 2016.
> Re-joining the workstation might fix the issue but is not really an 
> option I want to follow.
>
> Also resetting the computer account did not change anything.
>I see the same here. My two machines that are members since 2019 has 
problems, but recently added win10 works ok.
I tried to rejoin one machine and leave/join works ok, but login is 
still impossible after join.

Regards,
?ukasz

samba - Sep 2021 - Problem after update version 4.15.0

[Samba] Problem after update version 4.15.0

[Samba] Problem after update version 4.15.0

[Samba] Problem after update version 4.15.0