Ray Klassen
2023-Dec-08 22:07 UTC
[Samba] PC's needing reboot before validating AD passwords
This is the 3rd thread I've started on this topic and it's likely to be short. Because the problem seems to have gone away. Situation: Windows 10 workstations, Windows 2019 server and one Linux install (mine) based on winbind refused to validate current passwords until they were rebooted. Once was usually enough. Some needed several reboots. Afterward they would work as normal. Maybe this happened only once per machine -- not sure about this-- but understandably I treated the problem as if it could happen anytime to any computer, even if it was a repeat on the same computer. What may have precipitated this:? Upgrade schema to 2012_R2, Upgrade functional level to 2008, upgrade from samba 4.18.x to 4.19.2 What was done to come closer to best practices, with an eye to fixing the problem: Convert DNS from SAMBA_INTERNAL to BIND_DLZ Upgrade functional level to 2012_R2 Information Gathering: enabled audit on all DC's -- errors around the time of a failure looked like an attempt by the computer to anonymously get a kerberos ticket and no 'as usual' non-anonymous retry followed it Hypothesis: The problem has not appeared for a week now, when it was happening everyday. My best guess is that something had to change on the client end to accommodate the higher functional level. Once it changed, no further change was necessary and the computer was 'ready.' I'm posting this back or science. Someone may run into this.
Apparently Analagous Threads
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM
- windows workstations needing reboot to validate passwords. --ADDENDUM