similar to: logline of account becoming NT_STATUS_ACCOUNT_LOCKED_OUT

Hi Andrew, On 12/02/2017 07:20 PM, Andrew Bartlett via samba wrote: > I'm sorry, but while we do log it, the news isn't good. > > DEBUG(5, ("Locked out user %s after %d wrong passwords\n", >   ldb_dn_get_linearized(user_msg->dn), badPwdCount)); > > That will show up with level 5 globally. Ok, patches are difficult now, as we've sponsored quite a

I sure could use some help on this. Perhaps this problem is due to a recent Windows update? I have determined that whenever I log into the Windows 7 host DBSERVER from any other Windows 7 computer, whether it be a local domain workstation or an external computer, and regarless of whether the client workstation is logged in as 'mark' or any other user, I have the lockout problem. As soon

On Sat, 19 Jan 2019 16:26:21 -0500 Mark Foley via samba <samba at lists.samba.org> wrote: > On Sun, 20 Jan 2019 08:06:26 +1300 Andrew Bartlett wrote: > > > > On Sat, 2019-01-19 at 13:37 -0500, Mark Foley via samba wrote: > > > I sure could use some help on this.  Perhaps this problem is due > > > to a recent Windows update? > > >  > > >

On Sun, 20 Jan 2019 08:06:26 +1300 Andrew Bartlett wrote: > > On Sat, 2019-01-19 at 13:37 -0500, Mark Foley via samba wrote: > > I sure could use some help on this.  Perhaps this problem is due to a > > recent Windows update? > >  > > Furthermore, when I do actually log into this computer as 'mark' and > > enter the correct PW, it > > works fine,

Ah ha! I believe I've solved this. I checked the Windows credentials repository. There was a 'mark' ID and likely an old password stored there. I deleted that credential, rebooted, and no more lock out message. During the past year, the 'classic' Samba file server was added as a domain member and all domain member workstations then had to use domain credentials for mapping

On Sat, 2019-01-19 at 13:37 -0500, Mark Foley via samba wrote: > I sure could use some help on this.  Perhaps this problem is due to a > recent Windows update? >  > Furthermore, when I do actually log into this computer as 'mark' and > enter the correct PW, it > works fine, no Auth errors.  > > Could someone point me in the right direction for research?  Turn up

On Sat, 19 Jan 2019 19:03:58 +0000 Rowland Penny wrote: > > On Sat, 19 Jan 2019 13:37:18 -0500 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > I sure could use some help on this. Perhaps this problem is due to a > > recent Windows update? > > > > I have determined that whenever I log into the Windows 7 host > > DBSERVER from any

I'm having a very annoying problem I can't figure out. I've been running Samba4 as our office AD/DC for several years. This is a recent problem. Whenever I Remote Desktop into a particular Windows workstation (192.168.0.4) I get the following message in /var/log/samba/log.samba: Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[mark at HPRS] at [Thu, 17 Jan 2019

Hi, We are having an issue, trying to install a domain member server. I'm following the samba wiki: - samba 4.6.1 - krb5.conf as recommended on wiki - time synced - kinit works - dns works (DCs in resolv.conf) - setup a basic smb.conf (pasted at the end of this email) - edit nsswitch.conf to include winbind for passwd/group and then finally "net ads join -U administrator -d5" fails

Yes, post the complete smb.conf.. when what os your running. Then we can have a look better whats going on. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba > Verzonden: dinsdag 4 april 2017 20:17 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Key table name malformed > > Hi all, >

Hi, I have installed samba 3.0.6 based on the "Official HOWTO" to join out Active Directory environment, with winbind and pam support. I have join the samba to the domain using "net ads join -Umyloginame". I can do the "wbinfo -g", "getent passwd" and "getent group" correctly. I also can list shares on other machine, using kerberos: # kinit

Hi, Since samba 4.7 I have setup auth logging, and while I can relate most failed passwords to users mistyping a password, there is one kind that I don't understand, happening across our samba-DCs. Things work without issues, but I'm just being curious. :-) > [2017/11/23 04:47:32.166753, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) > Auth: [Kerberos

Hello, I had configured a domain with samba 4.1.0rc2, I was able to add a new server as DC successfull on this version, but after upgrade to 4.1.2, we have this error: *Analyze and apply schema objects* *Partition[CN=Configuration,DC=geribello,DC=com,DC=br] objects[402/1654] linked_values[0/0]* *Refusing replication of object containing invalid zero invocationID on attribute 13 of CN=Deleted

Hi. I've set up Samba 3.0.24d on FreeBSD 6.1 and I have a problem that I can't login anonymously into it (and I suspect that's the reason why windowses can't browse network): # smbclient -L black -N Anonymous login successful Domain=[WRKGRP] OS=[Unix] Server=[Samba 3.0.23d] tree connect failed: NT_STATUS_LOGON_FAILURE I've googled around much and all I've seen on this

Hoi Louis, The thing is that the keytab is not generated! That is the issue at hand. The join appears to have succeeded: > root at processing:~# net ads testjoin > Join is OK > root at processing:~# However no keytab is generated during join, despite having in the domain member smb.conf: > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab And the

hi, I am trying to run a 3.0.6 on ADS network with "--with-acl-support" enabled on configure time. I also compiled the linux kernel 2.4.25 witch acl patch from http://acl.bestbits.at/. Samba shares is visible from the network and vice-versa. BUT, I can't change the ACL on samba shared files. I've read the HOWTO to change file permission from: 1. Remote Computer management mmc

On 10/11/2017 12:43 PM, Rowland Penny via samba wrote: > I want to mount a users folder on one machine into the users folder on > another machine. > i.e. mount \\dc1\users\rowland on client /home/rowland/mnt That sounds similar to our use case. > Sods law has kicked in, I have now got a mount to work with pam_mount, > but there is a major problem, anything created in the share

Hello list. I’m using samba4 authorization with debian 8 without any problems. But in debian 9 very same config causes problems - unable to change GID. Here is my smb.conf: [global] netbios name = testvm security = ADS workgroup = WRKGRP realm = EXAMPLE.COM password server = 172.24.0.253 wins server = 172.24.0.253 wins proxy = no

Hi I just ran into this problem as well. The MS Access Runtime tells me: "This file is located outside your intranetor on an untrusted site. <application name> will not open the file due to potential security problems. To open the file, copy it to your machine or an accessible network location." The file is in the regular wine location. The Runtime is started as follows: env

Hi, For some users I am trying to deny file access to our domain member servers, yet keeping their AD account for all other purposes, like email and ldap authorized clients. So I figured I removed the unix attributes from a user in ADUC, while keeping the rest. I expected that would make the user 'invisible' for the domain member (file) servers, while maintaining the account for