[Bug 1572122] Re: Samba upgrade to 3.6.25-0ubuntu0.12.04.2 break domain authentication

John Edwards 1572122 at bugs.launchpad.net
Mon Apr 25 15:23:06 UTC 2016 

Contents of Andreas_Schneider patch to srv_pipe.c to fix the regression
verifying the security trailer, taken from
https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=82fa625540abf8b8ec23d43c41e2ca906a9928a5;hp=ea6f2386611d0a4edd65962a59b3448be976c1bb

--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1552,7 +1552,6 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
 {
        TALLOC_CTX *frame = talloc_stackframe();
        struct dcerpc_sec_verification_trailer *vt = NULL;
-       const uint32_t bitmask1 = 0;
        const struct dcerpc_sec_vt_pcontext pcontext = {
                .abstract_syntax = pipe_fns->syntax,
                .transfer_syntax = ndr_transfer_syntax,
@@ -1573,7 +1572,7 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
                goto done;
        }
 
-       ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
+       ret = dcerpc_sec_verification_trailer_check(vt, NULL,
                                                    &pcontext, &header2);
 done:
        TALLOC_FREE(frame);


** Patch added: "~/temp/firefox-downloads/Andreas_Schneider_srv_pipe.c.patch"
   https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122/+attachment/4646754/+files/Andreas_Schneider_srv_pipe.c.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1572122

Title:
  Samba upgrade to 3.6.25-0ubuntu0.12.04.2 break domain authentication

Status in samba package in Ubuntu:
  Confirmed
Status in samba package in CentOS:
  Unknown
Status in samba package in Debian:
  New

Bug description:
  Hi,

  Problem :  The last samba upgrade broke my ldap authentification for windows 7 client. 
  Upgrade : samba 2:3.6.3-2ubuntu2 -> samba 2:3.6.25-0ubuntu0.12.04.2 
  Config : Ubuntu serveur, 12.04 with Samba 3 + ldap

  Win 7 errors : "The trust relationship between this workstation and the primary domain failed" 
  windows client can't join the domain

  Linux client can authentificate themselves without problems.

  Does anyone  have similar problems ?

  
  Thanks

  
      cat /var/log/samba/log.pc075

      [2016/04/19 08:40:30.050073,  2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
      [2016/04/19 08:40:30.051311,  2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
      [2016/04/19 08:40:30.051511,  2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
      [2016/04/19 08:40:30.059872,  2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain) Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
      [2016/04/19 08:40:30.060329,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
      [2016/04/19 08:40:30.069236,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.069747,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.070223,  2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal) credentials check failed
      [2016/04/19 08:40:30.070271,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PC075 machine account PC075$
      [2016/04/19 08:40:30.072638,  2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain)
    Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
      [2016/04/19 08:40:30.073005,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
      [2016/04/19 08:40:30.073580,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.076775,  1] rpc_server/srv_pipe.c:1845(api_pipe_request) srv_pipe_check_verification_trailer: failed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122/+subscriptions

More information about the foundations-bugs mailing list