[Bug 1574228] Re: Changes to Samba packages for April 12 prevent legacy Windows clients from logging in to NT4 style domain

John Edwards 1574228 at bugs.launchpad.net
Mon Apr 25 16:24:11 UTC 2016 

*** This bug is a duplicate of bug 1572122 ***
    https://bugs.launchpad.net/bugs/1572122

@Michael #8, yes the problem was all of our servers run with an LDAP
backend so I could not test a server without that. Bug seems to be more
in the domain trust area or RPC.

This is the proposed patch by Andreas Schneider, who has been working on the problem at Red Hat:
https://git.samba.org/?p=asn/samba.git;a=commit;h=82fa625540abf8b8ec23d43c41e2ca906a9928a5

And that patch seems to be in RPC and so probably independent of LDAP.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1574228

Title:
  Changes to Samba packages for April 12 prevent legacy Windows clients
  from logging in to NT4 style domain

Status in samba package in Ubuntu:
  Confirmed

Bug description:
  On Ubuntu 12.04 fully patched, this weekend I attempted to apply the
  samba 2:3.6.25-0ubuntu0.12.04.2 updates. That resulted in a Samba NT4
  PDC that downlevel Windows clients could no longer log in to. Logging
  into said Windows machines with a local account and manually issuing
  the NET USE command to bring up drive mounts to the Samba server were
  successful.

  I have taken log snapshots with Samba logging set to level 3 of a
  Windows XP virtual machine attempting to connect to the Samba PDC
  server.

  From the working log I see:

    switch message SMBwriteX (pid 4906) conn 0xb82f9978
    api_rpcTNP: rpc command: NETR_LOGONSAMLOGON
    schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/MDLXP
    schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/MDLXP
    Forcing Primary Group to 'Domain Users' for mdlueck

  Whereas in the not working log I see at the same spot:

    switch message SMBwriteX (pid 21144) conn 0xb96f7200
    srv_pipe_check_verification_trailer: failed

  Perhaps did Samba make a change that requires something to be
  specified in the smb.conf to accept connections from legacy clients?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1574228/+subscriptions

More information about the foundations-bugs mailing list