Apologies if this is the wrong place to post this, but I have upgraded to Samba 4.16.4 on Kinetic (Server is the sole AD on the domain). Previously, I was on Jammy and 4.15.9 in Jammy.
I'm able to join my Win11 22H2, and log in as a domain user, but any other domain activities, such as running the Active Directory Users & Groups app or even trying to select a domain user when changing ownership of a file (I'm a Domain Admin) fails. I was able to do this successfully before upgrading to Win11 and am still able to do it from a Win10 computer. I updated because I thought 4.16 had corrected this. Is there anything else I need to do/enable?
The samba log shows the following:
[2022/12/07 11:20:06.399155, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2022/12/07 11:20:06.408246, 5] ../../source4/ldap_server/ldap_backend.c:783(ldapsrv_SearchRequest)
ldb_request BASE dn= filter=(objectclass=*)
[2022/12/07 11:20:06.411301, 5] ../../source4/ldap_server/ldap_backend.c:975(ldapsrv_SearchRequest)
ldapsrv_SearchRequest: LDAP Query: Duration was 0.00s, SearchRequest by S-1-5-7 from ipv4:192.168.3.230:62160 filter: [(objectclass=*)] basedn: [] scope: [
BASE] result: Success
[2022/12/07 11:20:06.418530, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.418728, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Not a FAST request
[2022/12/07 11:20:06.418843, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: AS-REQ <email address hidden> from ipv4:XXX.XXX.XXX.XXX:62161 for <email address hidden>
[2022/12/07 11:20:06.421842, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.423682, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.424602, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.426264, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427052, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427650, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Client (<email address hidden>) from ipv4:XXX.XXX.XXX.XXX:62161 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.427770, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.427866, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.428124, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009605
[2022/12/07 11:20:06.428245, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62161 <email address hidden> <email address hidden> elapsed=0.009605
[2022/12/07 11:20:06.430388, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.433837, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.434033, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Not a FAST request
[2022/12/07 11:20:06.434148, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: AS-REQ <email address hidden> from ipv4:XXX.XXX.XXX.XXX:62162 for <email address hidden>
[2022/12/07 11:20:06.436976, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.438710, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.439674, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=ecompany,DC=net NULL -> 1
[2022/12/07 11:20:06.441326, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442113, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442615, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Client (<email address hidden>) from ipv4:192.168.3.230:62162 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.442759, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.442825, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.443057, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009237
[2022/12/07 11:20:06.443121, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62162 <email address hidden> <email address hidden> elapsed=0.009237
[2022/12/07 11:20:06.445389, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.445902, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT'
Apologies if this is the wrong place to post this, but I have upgraded to Samba 4.16.4 on Kinetic (Server is the sole AD on the domain). Previously, I was on Jammy and 4.15.9 in Jammy.
I'm able to join my Win11 22H2, and log in as a domain user, but any other domain activities, such as running the Active Directory Users & Groups app or even trying to select a domain user when changing ownership of a file (I'm a Domain Admin) fails. I was able to do this successfully before upgrading to Win11 and am still able to do it from a Win10 computer. I updated because I thought 4.16 had corrected this. Is there anything else I need to do/enable?
The samba log shows the following:
[2022/12/07 11:20:06.399155, 3] ../../lib/ ldb-samba/ ldb_wrap. c:332(ldb_ wrap_connect) ldap_server/ ldap_backend. c:783(ldapsrv_ SearchRequest) (objectclass= *) ldap_server/ ldap_backend. c:975(ldapsrv_ SearchRequest) SearchRequest: LDAP Query: Duration was 0.00s, SearchRequest by S-1-5-7 from ipv4:192. 168.3.230: 62160 filter: [(objectclass=*)] basedn: [] scope: [ auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) XXX.XXX. XXX:62161 for <email address hidden> util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) XXX.XXX. XXX:62161 has no common enctypes with KDC to use for the session key auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) vaddkv( ): kv pair[0] elapsed=0.009605 auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) XXX.XXX. XXX:62161 <email address hidden> <email address hidden> elapsed=0.009605 samba/service_ stream. c:67(stream_ terminate_ connection) terminate_ connection: Terminating connection - 'kdc_tcp_call_loop: tstream_ read_pdu_ blob_recv( ) - NT_STATUS_ CONNECTION_ DISCONNECTED' auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) XXX.XXX. XXX:62162 for <email address hidden> util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=ecompany, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 util/util_ ldb.c:58( gendb_search_ v) DC=company, DC=net NULL -> 1 auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) 168.3.230: 62162 has no common enctypes with KDC to use for the session key auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) vaddkv( ): kv pair[0] elapsed=0.009237 auth/kerberos/ krb5_init_ context. c:90(smb_ krb5_debug_ wrapper) XXX.XXX. XXX:62162 <email address hidden> <email address hidden> elapsed=0.009237 samba/service_ stream. c:67(stream_ terminate_ connection) terminate_ connection: Terminating connection - 'kdc_tcp_call_loop: tstream_ read_pdu_ blob_recv( ) - NT_STATUS_ CONNECTION_ DISCONNECTED' samba/service_ stream. c:67(stream_ terminate_ connection) terminate_ connection: Terminating connection - 'ldapsrv_ call_wait_ done: call->wait_recv() - NT_STATUS_ LOCAL_DISCONNEC T'
ldb_wrap open of secrets.ldb
[2022/12/07 11:20:06.408246, 5] ../../source4/
ldb_request BASE dn= filter=
[2022/12/07 11:20:06.411301, 5] ../../source4/
ldapsrv_
BASE] result: Success
[2022/12/07 11:20:06.418530, 3] ../../source4/
Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.418728, 3] ../../source4/
Kerberos: Not a FAST request
[2022/12/07 11:20:06.418843, 3] ../../source4/
Kerberos: AS-REQ <email address hidden> from ipv4:XXX.
[2022/12/07 11:20:06.421842, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.423682, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.424602, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.426264, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.427052, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.427650, 3] ../../source4/
Kerberos: Client (<email address hidden>) from ipv4:XXX.
[2022/12/07 11:20:06.427770, 3] ../../source4/
Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.427866, 3] ../../source4/
Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.428124, 3] ../../source4/
Kerberos: heim_audit_
[2022/12/07 11:20:06.428245, 3] ../../source4/
Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.
[2022/12/07 11:20:06.430388, 3] ../../source4/
stream_
[2022/12/07 11:20:06.433837, 3] ../../source4/
Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.434033, 3] ../../source4/
Kerberos: Not a FAST request
[2022/12/07 11:20:06.434148, 3] ../../source4/
Kerberos: AS-REQ <email address hidden> from ipv4:XXX.
[2022/12/07 11:20:06.436976, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.438710, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.439674, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.441326, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.442113, 6] ../../lib/
gendb_search_v: DC=domain,
[2022/12/07 11:20:06.442615, 3] ../../source4/
Kerberos: Client (<email address hidden>) from ipv4:192.
[2022/12/07 11:20:06.442759, 3] ../../source4/
Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.442825, 3] ../../source4/
Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.443057, 3] ../../source4/
Kerberos: heim_audit_
[2022/12/07 11:20:06.443121, 3] ../../source4/
Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.
[2022/12/07 11:20:06.445389, 3] ../../source4/
stream_
[2022/12/07 11:20:06.445902, 3] ../../source4/
stream_