Hi...
Here I can also verify that the patch made by Stefan Metzmacher (BIG THANK
YOU) solves the problem.
No problems any more. We also have some older DCs we yet cannot update to
samba 4.16+ so
I backported the patch for bug 15418 to samba 4.7.12 and can verify that
it is working there, too.
Greetings from germany
Roland
"samba" <samba-bounces at lists.samba.org> wrote on 11.08.2023
19:18:22:
> From: "Jones Syue ??? via samba" <samba at lists.samba.org>
> To: "Fabio Muzzi" <liste at kurgan.org>, "samba at
lists.samba.org"
> <samba at lists.samba.org>, "Andrew Bartlett" <abartlet
at samba.org>
> Date: 11.08.2023 19:18
> Subject: Re: [Samba] KB5029244...
> Sent by: "samba" <samba-bounces at lists.samba.org>
>
> If there are still issues after you patch Samba, please let us know.
>
> Per my test which could confirm that:
> 1. Win11 22H2 with KB5029244 (2023/Aug) installed, cannot establish
secure> channel against non-patched samba ad dc; just like KB5028166 (2023/Jul).
> 2. Several symptoms are caused by broken secure channel, and all of them
> could be addressed by Bug 15418 bugfixes patch. Thank you, Metze!
>
> These symptoms like:
> a. join ad fail, error is "The trust relationship between this
workstation> and the primary domain failed."
>
> b. access fail, error is "The trust relationship between this
workstation> and the primary domain failed." and "System error 1789 has
occurred.".
>
> c. rdp fail, error is "The remote computer that you are trying to
connect> to require Network Level Authentication (NLA), but your Windows domain
> controller cannot be contacted to perform NLA. If you are an
administrator> on the remote computer, you can disable NLA by using the options on the
> Remote tab of the System Properties dialog box."
>
> And Event Viewer could see 2 kinds of Event ID:
> Event ID 3210 (NETLOGON), or Event ID 1058 (GroupPolicy).
>
> --
> Regards,
> Jones Syue | ???
> QNAP Systems, Inc.
>