Linux and SMBv1.

Doria 1,246 Reputation points
2020-10-22T19:06:29.477+00:00

Hi everyone!

We have a Linux application with an old product installed failing to authenticate to our W2K19 DCs. When enabling SMBv1 and SMB audit (https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3), I found several error messages, all identical to the following:

Event[98]:
Log Name: Microsoft-Windows-SMBServer/Security
Source: Microsoft-Windows-SMBServer
Date: 2020-10-22T11:35:02.268
Event ID: 551
Task: N/A
Level: Error
Opcode: Info
Keyword: Audit Failure
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: srvwi087.tce.ms
Description:
SMB Session Authentication Failure

Client Name: \192.168.0.149
Client Address: 192.168.0.149:56880
User Name:
Session ID: 0x348AF000006D
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation

Guidance:

You should expect this error when attempting to connect to shares using incorrect credentials.

This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.

This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled

So, based on the above, how can I investigate further to find out what are these incompatible settings? Any ideas? By the way, the same application works on W2K8R2 DC, but we need to turn off this old DC.

Thanks all.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,695 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,908 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,831 Reputation points
    2020-10-22T23:10:28.13+00:00

    Hi,

    If you are using kerberos as authentication protocol , you should check your spn settings and the keytab configuration if linux need it for kerberos authentication.

    You can launch network capture to check the exchange between client , server and domain controller and if there is a missing or incorrect spn.

    Please don't forget to mark this reply as answer if it help you to fix your issue

    0 comments No comments

  2. Fan Fan 15,326 Reputation points Microsoft Vendor
    2020-10-23T07:01:26.75+00:00

    Hi,
    As Thameur said , we can launch network capture for more details .
    For the incompatible settings, you can check if there are any differences between the 2 DCs.
    34515-10234.jpg
    Policy Location
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

    Registry Location
    HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

    0 comments No comments

  3. Doria 1,246 Reputation points
    2020-10-26T13:34:48.67+00:00

    Hi everyone!

    Interestingly, I went to check the registry key, but both are identical.

    We will try to capture network traffic.

    35017-04.png35055-071.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.