Ubuntu
samba package

Bug #1993934
Comment #38

Comment 38 for bug 1993934

Revision history for this message

Ron Garcia-Vidal (r3n) wrote on 2022-12-07 (last edit on 2022-12-07):

#38

Apologies if this is the wrong place to post this, but I have upgraded to Samba 4.16.4 on Kinetic (Server is the sole AD on the domain). Previously, I was on Jammy and 4.15.9 in Jammy.

I'm able to join my Win11 22H2, and log in as a domain user, but any other domain activities, such as running the Active Directory Users & Groups app or even trying to select a domain user when changing ownership of a file (I'm a Domain Admin) fails. I was able to do this successfully before upgrading to Win11 and am still able to do it from a Win10 computer. I updated because I thought 4.16 had corrected this. Is there anything else I need to do/enable?

The samba log shows the following:

[2022/12/07 11:20:06.399155, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2022/12/07 11:20:06.408246, 5] ../../source4/ldap_server/ldap_backend.c:783(ldapsrv_SearchRequest)
  ldb_request BASE dn= filter=(objectclass=*)
[2022/12/07 11:20:06.411301, 5] ../../source4/ldap_server/ldap_backend.c:975(ldapsrv_SearchRequest)
  ldapsrv_SearchRequest: LDAP Query: Duration was 0.00s, SearchRequest by S-1-5-7 from ipv4:192.168.3.230:62160 filter: [(objectclass=*)] basedn: [] scope: [
BASE] result: Success
[2022/12/07 11:20:06.418530, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.418728, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Not a FAST request
[2022/12/07 11:20:06.418843, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ <email address hidden> from ipv4:XXX.XXX.XXX.XXX:62161 for <email address hidden>
[2022/12/07 11:20:06.421842, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.423682, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.424602, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.426264, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427052, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427650, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Client (<email address hidden>) from ipv4:XXX.XXX.XXX.XXX:62161 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.427770, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.427866, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.428124, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009605
[2022/12/07 11:20:06.428245, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62161 <email address hidden> <email address hidden> elapsed=0.009605
[2022/12/07 11:20:06.430388, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.433837, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.434033, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Not a FAST request
[2022/12/07 11:20:06.434148, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ <email address hidden> from ipv4:XXX.XXX.XXX.XXX:62162 for <email address hidden>
[2022/12/07 11:20:06.436976, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.438710, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.439674, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=ecompany,DC=net NULL -> 1
[2022/12/07 11:20:06.441326, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442113, 6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442615, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Client (<email address hidden>) from ipv4:192.168.3.230:62162 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.442759, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.442825, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.443057, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009237
[2022/12/07 11:20:06.443121, 3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62162 <email address hidden> <email address hidden> elapsed=0.009237
[2022/12/07 11:20:06.445389, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.445902, 3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT'

Apologies if this is the wrong place to post this, but I have upgraded to Samba 4.16.4 on Kinetic (Server is the sole AD on the domain). Previously, I was on Jammy and 4.15.9 in Jammy.

The samba log shows the following:

[2022/12/07 11:20:06.399155,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2022/12/07 11:20:06.408246,  5] ../../source4/ldap_server/ldap_backend.c:783(ldapsrv_SearchRequest)
  ldb_request BASE dn= filter=(objectclass=*)
[2022/12/07 11:20:06.411301,  5] ../../source4/ldap_server/ldap_backend.c:975(ldapsrv_SearchRequest)
  ldapsrv_SearchRequest: LDAP Query: Duration was 0.00s, SearchRequest by S-1-5-7 from ipv4:192.168.3.230:62160 filter: [(objectclass=*)] basedn: [] scope: [
BASE] result: Success
[2022/12/07 11:20:06.418530,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.418728,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Not a FAST request
[2022/12/07 11:20:06.418843,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user@domain.company.net from ipv4:XXX.XXX.XXX.XXX:62161 for krbtgt/domain.company.net@domain.company.net
[2022/12/07 11:20:06.421842,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.423682,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.424602,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.426264,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427052,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.427650,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Client (user@domain.company.net) from ipv4:XXX.XXX.XXX.XXX:62161 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.427770,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.427866,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.428124,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009605
[2022/12/07 11:20:06.428245,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62161 user@domain.company.net krbtgt/domain.company.net@domain.company.net elapsed=0.009605
[2022/12/07 11:20:06.430388,  3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.433837,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Probing for AS-REQ
[2022/12/07 11:20:06.434033,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Not a FAST request
[2022/12/07 11:20:06.434148,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ user@domain.company.net from ipv4:XXX.XXX.XXX.XXX:62162 for krbtgt/domain.company.net@domain.company.net
[2022/12/07 11:20:06.436976,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.438710,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.439674,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=ecompany,DC=net NULL -> 1
[2022/12/07 11:20:06.441326,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442113,  6] ../../lib/util/util_ldb.c:58(gendb_search_v)
  gendb_search_v: DC=domain,DC=company,DC=net NULL -> 1
[2022/12/07 11:20:06.442615,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Client (user@domain.company.net) from ipv4:192.168.3.230:62162 has no common enctypes with KDC to use for the session key
[2022/12/07 11:20:06.442759,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: as-req: sending error: -1765328370 to client
[2022/12/07 11:20:06.442825,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: Making non-FAST KRB-ERROR
[2022/12/07 11:20:06.443057,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: heim_audit_vaddkv(): kv pair[0] elapsed=0.009237
[2022/12/07 11:20:06.443121,  3] ../../source4/auth/kerberos/krb5_init_context.c:90(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ ERR_ETYPE_NOSUPP ipv4:XXX.XXX.XXX.XXX:62162 user@domain.company.net krbtgt/domain.company.net@domain.company.net elapsed=0.009237
[2022/12/07 11:20:06.445389,  3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2022/12/07 11:20:06.445902,  3] ../../source4/samba/service_stream.c:67(stream_terminate_connection)
  stream_terminate_connection: Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT'

Ubuntusamba package

Comment 38 for bug 1993934

Ubuntu
samba package