On 31.10.2023 21:45, Ray Klassen via samba wrote:> 4 DC's Samba version 4.19.2 compiled from tarball on Debian 12.2 (have
> run this way always up to date tarballs for maybe 15 years.
> Wkstations: Windows 10 up dated to latest security patches About a
> week and half ago, workstations started fail on login with "Incorrect
> Password" until restarted, sometimes several times after which no
> problem for maybe a few days. (not sure about this, just don't seem to
> get calls right the next day on the same PC.) Remote Desktop also
> behaves peculiarly when workstation is in this state -- a successful
> connection may actually get the user to a log in screen they can't get
> past. Normally Remote Desktop will drop the connection if the password
> fails. This looks like the connection to the machine is successful,
> but the windows session connection fails. If network cable is
> unplugged the PC logs in fine, using the locally cached password hash.
> Log level 255 for an affected PC doesn't look that promising. The only
> thing that looks suspicious are exchanges wh
> ere there's some sort of authentication and the workstation presents
> its IP address as its name. Wireshark traffic of the failing login
> (decoded by use of a DC keytab) reveals a bunch of successful requests
> and responses. No glaring errors. Investigation reveals that dynamic
> DNS updates are not working. I reset allow dns update to
'nonsecure'
> -- no difference. Could this be the cause? Recent changes to the
> system: Upgrade to samba 4.19.2 from 4.19.1 raise domain/forest
> funtional level from 2003 to 2008_r2 (in preparation for Entra Cloud
> software. Better than AD Connect?) Windows service packs? Any
> ideas/pointers appreciated...
Hi Ray,
Clock synchronization? If you have got ntpsec on the DCs, that wont
work. Must use Chrony.
Best regards,
Peter