Kothe Patrik
2023-Jul-20 13:28 UTC
[Samba] Samba rejecting authentication from Windows machines
Hi everybody. First a short overview of our setup: We have 2 Samba DCs in Domain 1 We use a Windows 10 Pro VM for the RSAT Tools which we access via RDP We have 1 Windows Server 2012 DC for Domain 2 Between Domain 1 and 2 is a Trust for cross-domain file share access Since the last reboot of our samba DCs they suddenly started to block login attempts on the RSAT-VM and also the Trust to the other domain is broken. When trying to log in to the RSAT-VM the primary DC logs this: Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: starting transaction on zone Domain1.tld Jul 20 14:32:10 C-103-dc01 named[2076966]: client @0x7fc5000c40d0 172.16.2.105#61179: update 'Domain1.tld/IN' denied Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: cancelling transaction on zone Domain1.tld Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: starting transaction on zone Domain1.tld Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: disallowing update of signer=RSAT-VM\$\@DOMAIN1.TLD name=RSAT-VM.Domain1.tld type=AAAA error=insufficient access rights Jul 20 14:32:10 C-103-dc01 named[2076966]: client @0x7fc5000c40d0 172.16.2.105#62717/key RSAT-VM\$\@DOMAIN1.TLD: updating zone 'Domain1.tld/NONE': update failed: rejected by secure update (REFUSED) Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: cancelling transaction on zone Domain1.tld Also, if I run the Trust-test on the Windows DC of Domain 2, I get the following error: ?The secure channel (SC) verification on Active Directory Domain Controller \\dc01.domain1.tld of domain1.tld to domain domain2.tld failed with error: Access is denied.? Does anybody have an idea, what we can do about this? Many thanks in advance Patrik Kothe
Rowland Penny
2023-Jul-20 13:42 UTC
[Samba] Samba rejecting authentication from Windows machines
On 20/07/2023 14:28, Kothe Patrik via samba wrote:> Hi everybody. > > First a short overview of our setup: > > We have 2 Samba DCs in Domain 1 > We use a Windows 10 Pro VM for the RSAT Tools which we access via RDP > We have 1 Windows Server 2012 DC for Domain 2 > Between Domain 1 and 2 is a Trust for cross-domain file share access > > Since the last reboot of our samba DCs they suddenly started to block login attempts on the RSAT-VM and also the Trust to the other domain is broken. > > When trying to log in to the RSAT-VM the primary DC logs this: > > Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: starting transaction on zone Domain1.tld > Jul 20 14:32:10 C-103-dc01 named[2076966]: client @0x7fc5000c40d0 172.16.2.105#61179: update 'Domain1.tld/IN' denied > Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: cancelling transaction on zone Domain1.tld > Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: starting transaction on zone Domain1.tld > Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: disallowing update of signer=RSAT-VM\$\@DOMAIN1.TLD name=RSAT-VM.Domain1.tld type=AAAA error=insufficient access rights > Jul 20 14:32:10 C-103-dc01 named[2076966]: client @0x7fc5000c40d0 172.16.2.105#62717/key RSAT-VM\$\@DOMAIN1.TLD: updating zone 'Domain1.tld/NONE': update failed: rejected by secure update (REFUSED) > Jul 20 14:32:10 C-103-dc01 named[2076966]: samba_dlz: cancelling transaction on zone Domain1.tld > > > Also, if I run the Trust-test on the Windows DC of Domain 2, I get the following error: > ?The secure channel (SC) verification on Active Directory Domain Controller \\dc01.domain1.tld of domain1.tld to domain domain2.tld failed with error: Access is denied.? > > Does anybody have an idea, what we can do about this?Sorry, but I doubt it, not from the information provided. What version of Samba are the DCs running and on what OS ? Was anything updated on any of the machines ? If so, what ? This could be more fall out from Microsoft's last update. Rowland
Apparently Analagous Threads
- Samba rejecting authentication from Windows machines
- **[EXTERNAL]**Re: Samba rejecting authentication from Windows machines
- ipconfig /registerdns & PTR Records
- Fwd: **[EXTERNAL]**Re: **[EXTERNAL]**Re: Samba rejecting authentication from Windows machines
- Zone update denied