Hi All, I can second the problem. After Updating to 4.15 I also can't login to my AD. After reverting to 4.17.7 all works again without any problems. For testing I set up an AD DC already with 4.15. I could join with a Windows 10 PC. Login with Administrator of domain works. Then I created a standard user with option "Change password on first login". Now comes the funny thing: On first login with this user I was ask to change the password which worked. But after this I get a "password or user wrong". So that's the case now: Login with Administrator works on the 4.15 test domain but not with the standard user. Ingo Asche
On Tue, 2021-10-05 at 19:47 +0200, Ingo Asche via samba wrote:> Hi All, > > I can second the problem. After Updating to 4.15 I also can't login > to > my AD. After reverting to 4.17.7 all works again without any > problems. > > For testing I set up an AD DC already with 4.15. I could join with a > Windows 10 PC. > > Login with Administrator of domain works. Then I created a standard > user > with option "Change password on first login". > > Now comes the funny thing: On first login with this user I was ask > to > change the password which worked. But after this I get a "password > or > user wrong". > > So that's the case now: Login with Administrator works on the 4.15 > test > domain but not with the standard user. > > Ingo Asche >Is there anything in either the Samba or auth logs on the Samba DC ? If not, can you raise the log level to see if anything pops out. Have you also checked the client logs ? Rowland
Hallo all, probably not related. However, after upgrading a domain member fileserver I also had Problems. I the it was the vfs recycle module for me. I opened a bug report for this. https://bugzilla.samba.org/show_bug.cgi?id=14849 I do not know if it is Rocky Linux/RHEL specific or if somebody can reproduce this on another distribution. This I just a testserver so I do not have a pressing need to debug this. But if others can also reproduce this... Regards Christian Am 5. Oktober 2021 19:47:57 MESZ schrieb Ingo Asche via samba <samba at lists.samba.org>:>Hi All, > >I can second the problem. After Updating to 4.15 I also can't login to my AD. After reverting to 4.17.7 all works again without any problems. > >For testing I set up an AD DC already with 4.15. I could join with a Windows 10 PC. > >Login with Administrator of domain works. Then I created a standard user with option "Change password on first login". > >Now comes the funny thing: On first login with this user I was ask to change the password which worked. But after this I get a "password or user wrong". > >So that's the case now: Login with Administrator works on the 4.15 test domain but not with the standard user. > >Ingo Asche > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba-- Dr. Christian Naumer Vice President Unit Head Bioprocess Development BRAIN Biotech AG Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail cn at brain-biotech.com, homepage www.brain-biotech.com phone +49-6251-9331-30 / fax +49-6251-9331-11 Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Adriaan Moelker (Vorstandsvorsitzender), Lukas Linnig Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
On 10/5/21 19:47, Ingo Asche via samba wrote:> Hi All, > > I can second the problem. After Updating to 4.15 I also can't login to > my AD. After reverting to 4.17.7 all works again without any problems. >In my case I was not able to login from win2008 server r2 and from windows7 after update from 4.12 to 4.15 Linux clients and win10 clients did not have any problems. I reverted back to 4.12 (whole virtual machine). I use ArchLinux with samba packages from repository. In win2008srv event log I found Kerberos-security, event 4: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server db$. The target name used was DB$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (SAMDOM) is different from the client domain (SAMDOM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. And NETLOGON service error, event 5719: This computer was not able to set up a secure session with a domain controller in domain SAMDOM due to the following: There are currently no logon servers available to service the logon request. Regards, ?ukasz