samba at laurenz.ws
2022-Jan-18 10:08 UTC
[Samba] No Domain Logon Possible after last Windows 11 Insider Update
Hello everyone, i updated my windows 11 Insider to the latest build and afterwards is no domain logon is possible. I restored to the old state - and logons are possible - updated again - and no logon possible Level 10 Debug Log placed on dropbox: https://www.dropbox.com/s/0e4u7l0gw5jhgxi/192.168.2.80.log?dl=0 Regards, Dirk
Rowland Penny
2022-Jan-18 10:27 UTC
[Samba] No Domain Logon Possible after last Windows 11 Insider Update
On Tue, 2022-01-18 at 11:08 +0100, Dirk Laurenz via samba wrote:> Hello everyone, > > > > i updated my windows 11 Insider to the latest build and afterwards is > no > domain logon is possible. > > I restored to the old state - and logons are possible - updated again > - and > no logon possible > > > > Level 10 Debug Log placed on dropbox: > https://www.dropbox.com/s/0e4u7l0gw5jhgxi/192.168.2.80.log?dl=0 >How are you running Samba ? Posting your smb.conf will help in identifying this. Rowland
Adam Thorn
2022-Jan-18 11:10 UTC
[Samba] No Domain Logon Possible after last Windows 11 Insider Update
On 18/01/2022 10:08, Dirk Laurenz via samba wrote:> Hello everyone, > > > > i updated my windows 11 Insider to the latest build and afterwards is no > domain logon is possible. > > I restored to the old state - and logons are possible - updated again - and > no logon possibleThis might be unrelated to your problem, but in case anyone else is caught out by this .... We have a custom usermap script in place due to our local setup (not specifically due to some of the recent CVEs and subsequent fallout). We do some parsing of the "DOMAIN+username" string passed to the script, where DOMAIN is the upper-case version of our domain name. We've had reports of behaviour where the latest Windows 11 build (sorry, I don't know the build number) seems to forcibly lower-case (part or all of?) saved credentials and a user then ends up trying to authenticate to a share as "domain+user" rather than "DOMAIN+user", which we hadn't properly handled in our usermap script. The user affected by this reports they were able to successfully make their Win 11 client forget any saved credentials and then re-save the original "DOMAIN+user" version, after which they could connect to shares again. Even if you don't have a usermap script in place, it might be worth looking to see if you'd be affected by an unexpected/unhandled change in the case of the domain name anywhere. Regards, Adam