similar to: Windows user domain accounts getting locked out regularly

Displaying 20 results from an estimated 1000 matches similar to: "Windows user domain accounts getting locked out regularly"

2014 Nov 10
0
User's DPAPI/backupkey protected data lost when changing domain password
After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved
2013 Aug 07
2
Samba 4 empty password
Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for
2012 Dec 06
1
Problem samba3 to samba4
Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is "admin-pc" Any idea ? *Here are the logs of log.samba * Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC* [2012/12/06 12:50:59,
2015 Jul 01
3
strange: 20 characters max in samAccountName
Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)
2016 Jun 24
0
Login not possible / machine account issues
Hi, Did you find any solution? I am facing exactly the same scenario. -CentOS 6.7 -Samba Version 4.4.3 -BIND_DLZ 9.9.8 Some workstations suddenly are unable to login, unless I reboot or rejoin the domain. The only odd event I see in the client is the one already said: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category:
2012 Oct 03
1
Samba4 KDC Windows 7 clients may fail to get a ticket
Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket: [2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM [2012/10/03 09:31:54, 3]
2018 Mar 04
1
Samba AD + Kerbero + NFS "Client no longer in database"
I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########
2016 Jul 05
0
Login not possible / machine account issues
>>This can occur when the target server principal name (SPN) is registered >>on an account other than the account the target service is using. Hmm, multiple computers with the same serial cause these things. So first make sure this computers serial isnt used before. Or 2 computers with the same name in the netwerk, happens with not syspreped computers. Keep an eye on your samba
2015 May 28
2
[AD/PDC] Logins with Spaces do not work
Hi, I've migrated a Windows Server 2003 Active Directory to Samba and am running both servers in parallel. Samba is run under Debian Linux, Version is 4.1.17-Debian. My Problem is, that Client Computers cannot log in when their Logins contain Spaces. We were able to reproduce this by adding/removing spaces from a username and making login fail/work with this. Umlauts are not a problem.
2018 Apr 03
0
Renaming a joined windows workstation
Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object
2016 Aug 22
1
Upgrade 4.2.14 --> 4.3.11
Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =
2016 Jul 05
1
Login not possible / machine account issues
Well, in my option, you the have found your problem. https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx 3) ..... After the unique system information is removed, .... And https://blogs.msdn.microsoft.com/aaron_margosis/2009/11/05/machine-sids-and-domain-sids/ Says: Mark?s point is that SIDs must be unique within the authority in which they are used. So while DEMOSYSTEM
2013 Nov 04
1
Running SQL Server xp_logininfo with Samba PDC
We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg
2015 May 27
1
check password script for samba 4 ad dc
I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >
2014 Feb 05
0
INTERNAL ERROR: Signal 11 in pid (kdc gone)
Hi There, We are getting INTERNAL ERROR: Signal 11 in pid on multiple different servers (Debian Wheezy, using Samba 4.0.13 and 4.1.3, using kernel 3.2.0-4 and 3.11.6-2), the outcome is always the same. The group policies can no longer be applied to the clients until a Samba4 restart. The locations with these issues do have in common that they have multiple Samba4 DC's although i am not
2017 Mar 18
0
kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)
After reviewing logs I found that my previous assumption was wrong. Situation: - i'm trying to start live migration from hyper-v host A (BMSRV4-HYPERV) to hyper-v host B (BM-SRV-5) from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I
2015 May 27
0
check password script for samba 4 ad dc
Hmm, looks like it's not. I've just set the password for something that cracklib-check would argue using both ad management tools and at windows login. Should it work that way or I'm missing something? My dc's smb.conf: [global] workgroup = KURSK realm = KURSK.MTT netbios name = DEBIAN-DC server role = active directory domain controller
2017 Apr 21
0
Fwd: Unable to change passwords from Win XP Pro clients
Sorry, I missed some relevant part of the logs after the suggested changes: Kerberos: AS-REQ user2 at MYDOMAIN from ipv4:192.168.44.56:2080 for krbtgt/MYDOMAIN at MYDOMAIN [2017/04/21 12:47:37.526742, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: encrypted-timestamp, 128 [2017/04/21 12:47:37.526772, 3]
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -