Andrew Bartlett
2023-Dec-18 00:51 UTC
[Samba] netlogon_creds_encrypt_samlogon_validation() failed - NT_STATUS_INVALID_INFO_CLASS
On Sun, 2023-12-17 at 22:52 +0100, Kacper Wirski via samba wrote:> *Hello,* > *I'm running samba as AD DC on Debian 10, 3 DC's total, samba is from > base debian repo* > *Version 4.13.13-Debian* > today on one of my DC's I started to see error such as this: > > *samba[2720697]: [2023/12/17 22:36:21.896597, 0] > ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:1414(dcesrv_netr_ > LogonSamLogon_base_reply)samba[2720697]: > dcesrv_netr_LogonSamLogon_base_reply: > netlogon_creds_encrypt_samlogon_validation() failed - > NT_STATUS_INVALID_INFO_CLASS* > ** > *it started to appear after I moved my VM with samba file server > between 2 hyper-v hosts. In my samba DC log, before this error > appears, I see:* > *samba[2720714]: Auth: [Kerberos KDC,ENC-TS Pre-authentication] > user [(null)]\[SRV6$@MYDOMAIN] at [Sun, 17 Dec 2023 22:36:21.851537 > CET] with [arcfour-hmac-md5] status [NT_STATUS_OK] workstation > [(null)] remote host [ipv4:192.1 etc.samba[2720714]: {"timestamp": > "2023-12-17T22:36:21.851719+0100", "type": "Authentication", > "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": > 4624, "logonId": "b204a5992394b4e1", "logonType": 3, "status": > "NT_STATUS_OK", etc.* > *VM itself was updated (centos 7.9 running samba from repo i.e. > Version 4.10.16)*This is the more important detail than the host migration. Samba 4.11 included this commit: commit 8c9cf56fe9865029bf033557b00e8987873a7096Author: Andreas Schneider <asn at samba.org>Date: Wed May 29 14:39:34 2019 +0200 libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check() Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Andrew Bartlett < abartlet at samba.org> The code now says: default: /* If we can't find it, we can't very well decrypt it */ return NT_STATUS_INVALID_INFO_CLASS; The server is sending back some data that we don't know how to handle. More details may be available at higher debug levels, but it gets overwhelming fast and can contain sensitive info. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
Kacper Wirski
2023-Dec-18 08:08 UTC
[Samba] netlogon_creds_encrypt_samlogon_validation() failed - NT_STATUS_INVALID_INFO_CLASS
Hello, I found what is causing the error, it wasn't update related at all, just a random coincidence of me looking at samba DC logs while using hyperv feature of remote console to the updated VM. Remote console to VM via windows 2016 hyperv host uses kerberos and even though it's working, it floods DC log with this error, while using said console. I suppose I can rather safely ignore it then? Regards, Kacper pon., 18 gru 2023, 01:51 u?ytkownik Andrew Bartlett <abartlet at samba.org> napisa?:> On Sun, 2023-12-17 at 22:52 +0100, Kacper Wirski via samba wrote: > > *Hello,* > > > *I'm running samba as AD DC on Debian 10, 3 DC's total, samba is from > > base debian repo > > * > > > *Version 4.13.13-Debian > > * > > > today on one of my DC's I started to see error such as this: > > > > *samba[2720697]: [2023/12/17 22:36:21.896597, 0] > > ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:1414(dcesrv_netr_LogonSamLogon_base_reply) > > samba[2720697]: dcesrv_netr_LogonSamLogon_base_reply: > > netlogon_creds_encrypt_samlogon_validation() failed - > > NT_STATUS_INVALID_INFO_CLASS* > > > * > > * > > > *it started to appear after I moved my VM with samba file server between > > 2 hyper-v hosts. In my samba DC log, before this error appears, I see:* > > > *samba[2720714]: Auth: [Kerberos KDC,ENC-TS Pre-authentication] user > > [(null)]\[SRV6$@MYDOMAIN] at [Sun, 17 Dec 2023 22:36:21.851537 CET] with > > [arcfour-hmac-md5] status [NT_STATUS_OK] workstation [(null)] remote > > host [ipv4:192.1 etc. > > samba[2720714]: {"timestamp": "2023-12-17T22:36:21.851719+0100", > > "type": "Authentication", "Authentication": {"version": {"major": 1, > > "minor": 2}, "eventId": 4624, "logonId": "b204a5992394b4e1", > > "logonType": 3, "status": "NT_STATUS_OK", etc. > > * > > > *VM itself was updated (centos 7.9 running samba from repo i.e. Version > > 4.10.16) > > * > > > This is the more important detail than the host migration. Samba 4.11 included this commit: > > > commit 8c9cf56fe9865029bf033557b00e8987873a7096 > > Author: Andreas Schneider <asn at samba.org> > > Date: Wed May 29 14:39:34 2019 +0200 > > > libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check() > > Signed-off-by: Andreas Schneider <asn at samba.org> > > Reviewed-by: Andrew Bartlett <abartlet at samba.org> > > > The code now says: > > > default: > > /* If we can't find it, we can't very well decrypt it */ > > return NT_STATUS_INVALID_INFO_CLASS; > > > The server is sending back some data that we don't know how to handle. > > > More details may be available at higher debug levels, but it gets overwhelming fast and can contain sensitive info. > > > Andrew Bartlett > > > -- > > Andrew Bartlett (he/him) https://samba.org/~abartlet/ > Samba Team Member (since 2001) https://samba.org > Samba Team Lead https://catalyst.net.nz/services/samba > Catalyst.Net Ltd > > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company > > Samba Development and Support: https://catalyst.net.nz/services/samba > > Catalyst IT - Expert Open Source Solutions >