Huge log flooding: NT_STATUS_NO_SUCH_USER for NT Authority after upgrade to UCS 5.2

Hi everyone,

After upgrading my environment from UCS 5.0.4 to version 5.2, I’ve noticed a massive amount of log flooding. My Samba logs are filling up with tens of thousands of entries like this:

{
  "timestamp": "2026-03-09T07:45:32.235933+0100",
  "type": "KDC Authorization",
  "KDC Authorization": {
    "version": {
      "major": 1,
      "minor": 0
    },
    "status": "NT_STATUS_NO_SUCH_USER",
    "localAddress": null,
    "remoteAddress": "ipv4:10.10.235.171:49775",
    "serviceDescription": "krbtgt/NT\\ Authority@INTERNAL.LAN",
    "authType": "TGS-REQ with Ticket-Granting Ticket",
    "domain": null,
    "account": null,
    "sid": null,
    "logonServer": "UCSDC1",
    "authTime": "2026-03-09T07:45:32.234291+0100",
    "serverPolicyAccessCheck": null
  }
}

It seems that clients (like 10.10.235.171 in the example) are trying to request a Kerberos ticket for the “NT Authority” identity, which the KDC obviously cannot find in the database.

This started happening exactly after the upgrade. Has anyone else experienced this behavior with the new Samba version in UCS 5.2? Is there a specific configuration or a known change in how Kerberos requests are handled or logged in this release?

Any insight on what might be causing this would be greatly appreciated.

Thanks!
bb.
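
An added example, not part of the original post: a triage script that counts the `KDC Authorization` failures per client and requested service, so the hosts behind the flood can be identified. It assumes the log holds one JSON event per line, possibly after a text prefix; the sample lines are constructed from the entry above, and the second client address and the `NT_STATUS_OK` event are invented for illustration.

```python
import json
from collections import Counter

# Constructed sample modelled on the entry in the post (fields trimmed).
SAMPLE_LOG = r'''
[2026/03/09 07:45:32.235933,  3] constructed non-JSON header line
{"type": "KDC Authorization", "KDC Authorization": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:10.10.235.171:49775", "serviceDescription": "krbtgt/NT\\ Authority@INTERNAL.LAN"}}
{"type": "KDC Authorization", "KDC Authorization": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:10.10.235.171:49776", "serviceDescription": "krbtgt/NT\\ Authority@INTERNAL.LAN"}}
  prefix text {"type": "KDC Authorization", "KDC Authorization": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:10.10.235.171:49780", "serviceDescription": "krbtgt/NT\\ Authority@INTERNAL.LAN"}}
{"type": "KDC Authorization", "KDC Authorization": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:10.10.235.180:50112", "serviceDescription": "krbtgt/NT\\ Authority@INTERNAL.LAN"}}
{"type": "KDC Authorization", "KDC Authorization": {"status": "NT_STATUS_OK", "remoteAddress": "ipv4:10.10.235.171:49790", "serviceDescription": "cifs/ucsdc1.internal.lan"}}
'''

def client_host(remote_address):
    """'ipv4:10.10.235.171:49775' -> '10.10.235.171' (drops family and port)."""
    if not remote_address:
        return "unknown"
    return remote_address.split(":", 1)[-1].rsplit(":", 1)[0]

def iter_events(lines):
    """Yield each JSON object found on a line, skipping lines without one."""
    decoder = json.JSONDecoder()
    for line in lines:
        start = line.find("{")
        if start == -1:
            continue
        try:
            event, _ = decoder.raw_decode(line[start:])
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def summarize_failures(lines, status="NT_STATUS_NO_SUCH_USER"):
    """Count KDC Authorization events with `status` per (client, service)."""
    counts = Counter()
    for event in iter_events(lines):
        if event.get("type") != "KDC Authorization":
            continue
        body = event.get("KDC Authorization") or {}
        if body.get("status") == status:
            key = (client_host(body.get("remoteAddress")), body.get("serviceDescription"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (host, service), n in summarize_failures(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:6d}  {host:15s}  {service}")
```

To run it against a real log, pass the open file object to `summarize_failures` in place of `SAMPLE_LOG.splitlines()`.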