[Bug 1572122] Re: Samba upgrade to 3.6.25-0ubuntu0.12.04.2 break domain authentication
Christopher Nighswonger
1572122 at bugs.launchpad.net
Tue May 3 12:00:28 UTC 2016
When upgrading our DC from Ubuntu 13.04 to 14.04 we were also upgraded
from Samba 3.6.9 to 4.3.8. Now Ubuntu clients cannot authenticate and
(as ghomem mentions) Ubuntu member servers are not able to join the
domain. Unfortunately downgrading Samba on 14.04 is not as simple as
using dpkg or apt. Here is a snippet of debug out put when attempting to
join the domain:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_check_pdu: BAD SIG: wanted SMB signature of
[0000] CB 5B 1C 2A DC 07 09 6E .[.*...n
smb_signing_check_pdu: BAD SIG: got SMB signature of
[0000] 00 00 00 00 00 00 00 00 ........
smb_signing_good: BAD SIG: seq 1
SPNEGO login failed: Access denied
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain 'FOO' over rpc: Access denied'
domain_is_ad : 0x00 (0)
result : WERR_ACCESS_DENIED
Failed to join domain: failed to lookup DC info for domain 'FOO' over rpc: Access denied
return code = -1
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1572122
Title:
Samba upgrade to 3.6.25-0ubuntu0.12.04.2 break domain authentication
Status in samba package in Ubuntu:
Confirmed
Status in samba package in CentOS:
Unknown
Status in samba package in Debian:
New
Bug description:
Hi,
Problem : The last samba upgrade broke my ldap authentification for windows 7 client.
Upgrade : samba 2:3.6.3-2ubuntu2 -> samba 2:3.6.25-0ubuntu0.12.04.2
Config : Ubuntu serveur, 12.04 with Samba 3 + ldap
Win 7 errors : "The trust relationship between this workstation and the primary domain failed"
windows client can't join the domain
Linux client can authentificate themselves without problems.
Does anyone have similar problems ?
Thanks
cat /var/log/samba/log.pc075
[2016/04/19 08:40:30.050073, 2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2016/04/19 08:40:30.051311, 2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2016/04/19 08:40:30.051511, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
[2016/04/19 08:40:30.059872, 2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain) Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
[2016/04/19 08:40:30.060329, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
[2016/04/19 08:40:30.069236, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
[2016/04/19 08:40:30.069747, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
[2016/04/19 08:40:30.070223, 2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal) credentials check failed
[2016/04/19 08:40:30.070271, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PC075 machine account PC075$
[2016/04/19 08:40:30.072638, 2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain)
Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
[2016/04/19 08:40:30.073005, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
[2016/04/19 08:40:30.073580, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
[2016/04/19 08:40:30.076775, 1] rpc_server/srv_pipe.c:1845(api_pipe_request) srv_pipe_check_verification_trailer: failed
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122/+subscriptions
More information about the foundations-bugs
mailing list