[Freeipa-users] Re: IPA to AD trust 4625 NULL SID logon failures
On Thu, 13 Jul 2017, Andy Thompson via FreeIPA-users wrote:
> > -----Original Message-----
> > From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> > Sent: Wednesday, July 12, 2017 1:45 AM
> > To: FreeIPA users list
> > Cc: Andy Thompson
> > Subject: Re: [Freeipa-users] IPA to AD trust 4625 NULL SID logon failures
> >
> > On Tue, 11 Jul 2017, Andy Thompson via FreeIPA-users wrote:
> > >We are troubleshooting an account lockout issue and came across the
> > >error below in the windows DC event logs while investigating. They are
> > >appearing in two of our environments, the third is quiet. These are
> > >logged several times a minute and are likely unrelated to the lockout
> > >issue, but what IPA process could cause this?
> > I think these are anonymous connections and unrelated to your lockouts.
>
> They definitely aren't related to the lockouts but what anonymous connection would come from IPA? I find it odd I'm only seeing it in two of my environments this much but they all have AD trusts in place.

It is a by-product of IPA not fully supporting pass-through authentication across the trust boundary yet. Winbindd on IPA master needs to communicate back to AD DCs it trusts but it does not always have secure channel credentials available so it uses anonymous connections to probe first, then falls back to use of a TDO object. It is part of internal Samba logic and is being refactored for Samba 4.7+.

--
/ Alexander Bokovoy
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: IPA to AD trust 4625 NULL SID logon failures
> -----Original Message-----
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> Sent: Wednesday, July 12, 2017 1:45 AM
> To: FreeIPA users list
> Cc: Andy Thompson
> Subject: Re: [Freeipa-users] IPA to AD trust 4625 NULL SID logon failures
>
> On Tue, 11 Jul 2017, Andy Thompson via FreeIPA-users wrote:
> >We are troubleshooting an account lockout issue and came across the
> >error below in the windows DC event logs while investigating. They are
> >appearing in two of our environments, the third is quiet. These are
> >logged several times a minute and are likely unrelated to the lockout
> >issue, but what IPA process could cause this?
> I think these are anonymous connections and unrelated to your lockouts.
>

They definitely aren't related to the lockouts but what anonymous connection would come from IPA? I find it odd I'm only seeing it in two of my environments this much but they all have AD trusts in place.

> >
> >Running IPA (ipa-server-4.4.0-14.el7_3.7) on RHEL 7.1
> >
> >An account failed to log on.
> >
> >Subject:
> >  Security ID: NULL SID
> >  Account Name: -
> >  Account Domain: -
> >  Logon ID: 0x0
> >
> >Logon Type: 3
> >
> >Account For Which Logon Failed:
> >  Security ID: NULL SID
> >  Account Name:
> >  Account Domain:
> >
> >Failure Information:
> >  Failure Reason: An Error occured during Logon.
> >  Status: 0x80090302
> >  Sub Status: 0x0
> >
> >Process Information:
> >  Caller Process ID: 0x0
> >  Caller Process Name: -
> >
> >Network Information:
> >  Workstation Name: -
> >  Source Network Address:
> >  Source Port: 35392
> >
> >Detailed Authentication Information:
> >  Logon Process:
> >  Authentication Package: NTLM
> >  Transited Services: -
> >  Package Name (NTLM only): -
> >  Key Length: 0
>
> --
> / Alexander Bokovoy
[Freeipa-users] Re: IPA to AD trust 4625 NULL SID logon failures
On Tue, 11 Jul 2017, Andy Thompson via FreeIPA-users wrote:
>We are troubleshooting an account lockout issue and came across the
>error below in the windows DC event logs while investigating. They are
>appearing in two of our environments, the third is quiet. These are
>logged several times a minute and are likely unrelated to the lockout
>issue, but what IPA process could cause this?

I think these are anonymous connections and unrelated to your lockouts.

>
>Running IPA (ipa-server-4.4.0-14.el7_3.7) on RHEL 7.1
>
>An account failed to log on.
>
>Subject:
>  Security ID: NULL SID
>  Account Name: -
>  Account Domain: -
>  Logon ID: 0x0
>
>Logon Type: 3
>
>Account For Which Logon Failed:
>  Security ID: NULL SID
>  Account Name:
>  Account Domain:
>
>Failure Information:
>  Failure Reason: An Error occured during Logon.
>  Status: 0x80090302
>  Sub Status: 0x0
>
>Process Information:
>  Caller Process ID: 0x0
>  Caller Process Name: -
>
>Network Information:
>  Workstation Name: -
>  Source Network Address:
>  Source Port: 35392
>
>Detailed Authentication Information:
>  Logon Process:
>  Authentication Package: NTLM
>  Transited Services: -
>  Package Name (NTLM only): -
>  Key Length: 0

--
/ Alexander Bokovoy
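A triage sketch for the event quoted in this thread, added here as an example (it is not code from the posters, FreeIPA or Samba): it parses the rendered 4625 text and separates anonymous NTLM network logons of the kind described in the thread from other failures, which are the ones worth reading in a lockout investigation. The indented sample layout, the 192.0.2.10 address and the `ipa_masters` allow-list are assumptions.

```python
# Constructed sample in the layout of the 4625 event quoted in the thread.
# 192.0.2.10 is a placeholder: the thread leaves the source address blank.
SAMPLE_EVENT = """\
An account failed to log on.
Subject:
  Security ID: NULL SID
  Account Name: -
Logon Type: 3
Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name:
Failure Information:
  Status: 0x80090302
Network Information:
  Source Network Address: 192.0.2.10
Detailed Authentication Information:
  Authentication Package: NTLM
  Key Length: 0
"""
TARGET = "Account For Which Logon Failed"
AUTH = "Detailed Authentication Information"


def parse_4625(text):
    """Return {(section, field): value}; unindented fields get section ''."""
    fields, section = {}, ""
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, value = line.strip().partition(":")
        if line[0].isspace():
            fields[(section, name)] = value.strip()  # field inside a section
        elif value.strip():
            fields[("", name)] = value.strip()  # top-level, e.g. Logon Type
        else:
            section = name  # unindented "Header:" opens a section
    return fields


def classify(text, ipa_masters):
    """Label one event; ipa_masters is a hypothetical allow-list of addresses."""
    f = parse_4625(text)
    anonymous = (f.get(("", "Logon Type")) == "3"
                 and f.get((TARGET, "Security ID")) == "NULL SID"
                 and f.get((TARGET, "Account Name"), "") in ("", "-")
                 and f.get((AUTH, "Authentication Package")) == "NTLM")
    if not anonymous:
        return "other-failure"
    src = f.get(("Network Information", "Source Network Address"), "")
    return "ipa-anonymous-probe" if src in ipa_masters else "anonymous-unknown-source"
```

Keying fields by section matters here because "Security ID" and "Account Name" appear under both Subject and the failed-account block.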