Acknowledgement sent
to Christian Kreidl <debian@chk.cksf.de>:
New Bug report received and forwarded. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Tue, 19 Apr 2016 13:57:10 GMT)
Package: samba
Version: 2:3.6.6-6+deb7u9
Severity: grave
Hi!
Upgrading samba to version 2:3.6.6-6+deb7u9, containing the badlock patch, causes trust relationship
of Win7 domain members and samba PDC to fail. Users can't log in anymore.
Downgrading to the previous version 2:3.6.6-6+deb7u7 fixes the problem immediately, without
rejoining clients to the domain.
Samba error:
Apr 18 13:32:25 srv01 smbd[29622]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client pc02 machine account pc02$
Win7 message: "The trust relationship between this workstation and the primary domain failed"
See also these bug reports:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
https://bugzilla.redhat.com/show_bug.cgi?id=1326918
Thanks!
Christian
Acknowledgement sent
to Michael Prokop <mika@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Wed, 20 Apr 2016 06:03:04 GMT)
* Christian Kreidl [Tue Apr 19, 2016 at 03:54:17PM +0200]:
> Upgrading samba to version 2:3.6.6-6+deb7u9, containing the badlock patch, causes trust relationship
> of Win7 domain members and samba PDC to fail. Users can't log in anymore.
> Downgrading to the previous version 2:3.6.6-6+deb7u7 fixes the problem immediately, without
> rejoining clients to the domain.
> Samba error:
> Apr 18 13:32:25 srv01 smbd[29622]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client pc02 machine account pc02$
> Win7 message: "The trust relationship between this workstation and the primary domain failed"
> See also these bug reports:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
> https://bugzilla.redhat.com/show_bug.cgi?id=1326918
I can confirm this one:
| [2016/04/20 07:50:57.851691, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
| _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client FOOBAR0042 machine account FOOBAR0042$
Downgrading to 2:3.6.6-6+deb7u7 fixes the problem.
regards,
-mika-
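A log triage sketch for the failure reported above, added here as an example and not part of the bug thread or of Samba: it counts `netlogon_creds_server_check` rejections per machine account across both log shapes quoted so far (syslog and smbd's own log file), including messages wrapped after `failed.`. The function name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log shapes quoted in this thread: syslog lines
# (one wrapped after "failed." as in the report) and smbd's two-line log format.
SAMPLE_LOG = """\
Apr 18 13:32:25 srv01 smbd[29622]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client pc02 machine account pc02$
Apr 18 13:40:02 srv01 smbd[29701]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PC02 machine account PC02$
Apr 18 13:41:10 srv01 smbd[29701]: unrelated message (constructed)
[2016/04/20 07:50:57.851691,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client FOOBAR0042 machine account FOOBAR0042$
"""

# \s+ between tokens also matches newlines, so wrapped messages still match.
# The trailing colon keeps the "(_netr_ServerAuthenticate3)" header line out.
REJECT = re.compile(
    r"_netr_ServerAuthenticate3:\s+netlogon_creds_server_check failed\.\s+"
    r"Rejecting auth request from client\s+(?P<client>\S+)\s+"
    r"machine account\s+(?P<account>\S+\$)"
)


def rejected_machine_accounts(log_text):
    """Return {MACHINE_ACCOUNT$: rejection count}, names upper-cased."""
    counts = Counter()
    for match in REJECT.finditer(log_text):
        # NetBIOS names are case-insensitive, so pc02$ and PC02$ are one account.
        counts[match.group("account").upper()] += 1
    return dict(counts)


if __name__ == "__main__":
    for account, n in sorted(rejected_machine_accounts(SAMPLE_LOG).items()):
        print(f"{account}\t{n} rejected ServerAuthenticate3 request(s)")
```

Run over the smbd log after an upgrade, the per-account counts show which domain members have lost their secure channel to the PDC.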
Acknowledgement sent
to Santiago Ruano Rincón <santiagorr@riseup.net>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Fri, 29 Apr 2016 12:57:04 GMT)
Dear Samba maintainers,
Any updates about this bug?
LTS Team, anyone could help to handle it?
According to comment#17 in
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
Andreas Schneider prepared a fix for 3.6.25.
Cheers,
Santiago
Added tag(s) jessie.
Request was from Jelmer Vernooij <jelmer@debian.org>
to control@bugs.debian.org.
(Mon, 02 May 2016 14:30:04 GMT)
Added tag(s) upstream.
Request was from Jelmer Vernooij <jelmer@debian.org>
to control@bugs.debian.org.
(Mon, 02 May 2016 14:33:08 GMT)
Added tag(s) confirmed.
Request was from Jelmer Vernooij <jelmer@debian.org>
to control@bugs.debian.org.
(Mon, 02 May 2016 14:33:12 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Fri, 06 May 2016 09:21:05 GMT)
Acknowledgement sent
to Marco Gaiarin <gaio@sv.lnf.it>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Fri, 06 May 2016 09:21:05 GMT)
I manage some Samba 3.6 networks on wheezy, and I can confirm this bug:
I was forced to roll back to the pre-badlock Samba version because, sooner
or later, all clients (Windows 7 Pro) refuse the user logon.
The error is not the same every time. I get (sorry for the Italian... damned
Microsoft that translates log messages!):
May 5 16:31:16 GIUSEPPE microsoft-windows-security-auditing[failure] 4625 Accesso di un account non riuscito.Soggetto:#011ID sicurezza:#011#011S-1-5-18#011Nome account:#011#011GIUSEPPE$#011Dominio account:#011#011ACPN#011ID accesso:#011#0110x3e7Tipo di accesso:#011#011#0117Account il cui accesso non <E8> riuscito:#011ID sicurezza:#011#011S-1-0-0#011Nome account:#011#011ramona#011Dominio account:#011#011ACPNInformazioni sull'errore:#011Motivo dell'errore:#011#011%2304#011Stato:#011#011#0110xc000018d#011Stato secondario:#011#0110x0Informazioni sul processo:#011ID processo chiamante:#0110x228#011Nome processo chiamante:C:\Windows\System32\lsass.exeInformazioni di rete:#011Nome workstation:#011GIUSEPPE#011Indirizzo di rete di origine:#011-#011Porta di origine:#011#011-Informazioni di autenticazione dettagliate:#011Processo di accesso:#011#011Negotiat#011Pacchetto di autenticazione:#011Negotiate#011Servizi transitati:#011-#011Nome pacchetto (solo NTLM):#011-#011Lunghezza chiave:#011#0110Questo evento viene generato quando una richiesta diaccesso non ha esito positivo. Viene generato nel computerin cui <E8> stato tentato l'accesso.Il campo Soggetto indica l'account nel sistema l
May 5 16:31:16 GIUSEPPE netlogon[error] 3210 Autenticazione non riuscita con \\RITA, un controller didominio di Windows per il dominio ACPN, pertanto <E8>possibile che le richieste di accesso vengano negate.L<92>impossibilit<E0> di autenticare pu<F2> essere dovuta al mancatoriconoscimento di un altro computer connesso alla stessarete tramite lo stesso nome o la stessa password perl<92>account di questo computer. Se questo messaggio vienevisualizzato di nuovo, contattare l'amministratore disistema.
(eg, roughly 'trust relationship not valid'), but also:
May 5 17:42:27 GIUSEPPE netlogon[error] 5783 L'installazione della sessione sul controller di dominio diWindows NT o di Windows 2000 \\RITA per il dominio ACPN nonrisponde. La chiamata RPC corrente effettuata da Netlogonsu \\GIUSEPPE a \\RITA <E8> stata annullata.
(eg, roughly 'domain not found').
Note that if I remove the trust relationship on the workstation, and then I
rejoin it, the join works. But still there's no auth at the subsequent
reboot (eg, join works but is ineffective).
I've tried all combinations of:
ntlm auth =
server signing =
client signing =
client ipc signing =
but nothing works.
Thanks.
Added tag(s) wheezy.
Request was from Jelmer Vernooij <jelmer@debian.org>
to control@bugs.debian.org.
(Fri, 13 May 2016 18:57:04 GMT)
Removed tag(s) jessie.
Request was from Jelmer Vernooij <jelmer@debian.org>
to control@bugs.debian.org.
(Fri, 13 May 2016 18:57:06 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Wed, 18 May 2016 19:51:12 GMT)
Acknowledgement sent
to Antoine Beaupré <anarcat@orangeseeds.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Wed, 18 May 2016 19:51:12 GMT)
On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote:
> Dear Samba maintainers,
>
> Any updates about this bug?
>
> LTS Team, anyone could help to handle it?
>
> According to comment#17 in
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
> Andreas Schneider prepared a fix for 3.6.25.
Hi again!
Should the LTS team prepare a regression update to the wheezy version at
least?
It seems things have been resolved on the Ubuntu side of things.
A.
--
We live in capitalism. Its power seems inescapable. So did the divine
right of kings. Any human power can be resisted and changed by human
beings. Resistance and change often begin in art, and very often in
our art—the art of words. - Ursula Le Guin
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Mon, 23 May 2016 10:30:25 GMT)
Acknowledgement sent
to Andrew Bartlett <abartlet@samba.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Mon, 23 May 2016 10:30:25 GMT)
On Wed, 2016-05-18 at 15:47 -0400, Antoine Beaupré wrote:
> On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote:
> > Dear Samba maintainers,
> >
> > Any updates about this bug?
> >
> > LTS Team, anyone could help to handle it?
> >
> > According to comment#17 in
> > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
> > Andreas Schneider prepared a fix for 3.6.25.
>
> Hi again!
>
> Should the LTS team prepare a regression update to the wheezy version
> at
> least?
That would be a good idea at this point.
I'm happy to review things, just not had the time to switch back on to
debian matters.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Thu, 26 May 2016 09:45:06 GMT)
Acknowledgement sent
to Santiago Ruano Rincón <santiagorr@riseup.net>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Thu, 26 May 2016 09:45:06 GMT)
On 23/05/16 at 22:28, Andrew Bartlett wrote:
> On Wed, 2016-05-18 at 15:47 -0400, Antoine Beaupré wrote:
> > On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote:
> > > Dear Samba maintainers,
> > >
> > > Any updates about this bug?
> > >
> > > LTS Team, anyone could help to handle it?
> > >
> > > According to comment#17 in
> > > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
> > > Andreas Schneider prepared a fix for 3.6.25.
> >
> > Hi again!
> >
> > Should the LTS team prepare a regression update to the wheezy version
> > at
> > least?
>
> That would be a good idea at this point.
>
> I'm happy to review things, just not had the time to switch back on to
> debian matters.
>
> Andrew Bartlett
Hi,
To the current package in git, I have added some patches imported from
the Ubuntu package, versions 2:3.6.25-0ubuntu0.12.04.3 and
2:3.6.25-0ubuntu0.12.04.4. The debdiff is attached. Andrew, could you
please take a look on it? Also, test package is available at:
deb https://people.debian.org/~santiago/debian santiago-wheezy/
deb-src https://people.debian.org/~santiago/debian santiago-wheezy/
Please, test them. I don't have the infrastructure to actually verify
they solve the regressions. So, if somebody else would like to claim
this package, please do it!
Cheers,
Santiago
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Thu, 09 Jun 2016 01:45:12 GMT)
Acknowledgement sent
to Vincent McIntyre <vincent.mcintyre@csiro.au>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Thu, 09 Jun 2016 01:45:12 GMT)
I can confirm that after downgrading these packages
samba samba-common samba-common-bin libwbclient0
smbclient samba-tools
to version 2:3.6.6-6+deb7u7 and then upgrading with
apt-get -t santiago-wheezy install samba samba-common \
samba-common-bin libwbclient0 smbclient samba-tools
the system continued to work without issue; it remained joined to
the domain and users could connect as normal.
Note that this system was not running winbind, it was not installed.
Vince
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Thu, 09 Jun 2016 21:06:06 GMT)
Acknowledgement sent
to Andrew Bartlett <abartlet@samba.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Thu, 09 Jun 2016 21:06:06 GMT)
On Thu, 2016-05-26 at 11:40 +0200, Santiago Ruano Rincón wrote:
> On 23/05/16 at 22:28, Andrew Bartlett wrote:
> >
> > On Wed, 2016-05-18 at 15:47 -0400, Antoine Beaupré wrote:
> > >
> > > On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote:
> > > >
> > > > Dear Samba maintainers,
> > > >
> > > > Any updates about this bug?
> > > >
> > > > LTS Team, anyone could help to handle it?
> > > >
> > > > According to comment#17 in
> > > > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122
> > > > Andreas Schneider prepared a fix for 3.6.25.
> > > Hi again!
> > >
> > > Should the LTS team prepare a regression update to the wheezy
> > > version
> > > at
> > > least?
> > That would be a good idea at this point.
> >
> > I'm happy to review things, just not had the time to switch back on
> > to
> > debian matters.
> >
> > Andrew Bartlett
> Hi,
>
> To the current package in git, I have added some patches imported
> from
> the Ubuntu package, versions 2:3.6.25-0ubuntu0.12.04.3 and
> 2:3.6.25-0ubuntu0.12.04.4. The debdiff is attached. Andrew, could you
> please take a look on it? Also, test package is available at:
>
> deb https://people.debian.org/~santiago/debian santiago-wheezy/
> deb-src https://people.debian.org/~santiago/debian santiago-wheezy/
>
> Please, test them. I don't have the infrastructure to actually verify
> they solve the regressions. So, if somebody else would like to claim
> this package, please do it!
Given that we have a confirmation that this addresses the issue, and
that the patches match the recommendations from upstream, I approve
this update. Please go ahead and push it out.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Fri, 10 Jun 2016 13:51:10 GMT)
Acknowledgement sent
to "C. Grill" <c.grill@ecka-granules.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Fri, 10 Jun 2016 13:51:10 GMT)
Version: 2:3.6.6-6+deb7u10
2016-06-09 3:28 GMT+02:00 Vincent McIntyre <vincent.mcintyre@csiro.au>:
> I can confirm that after downgrading these packages
>
> samba samba-common samba-common-bin libwbclient0
> smbclient samba-tools
>
> to version 2:3.6.6-6+deb7u7 and then upgrading with
>
> apt-get -t santiago-wheezy install samba samba-common \
> samba-common-bin libwbclient0 smbclient samba-tools
>
> the system continued to work without issue; it remained joined to
> the domain and users could connect as normal.
>
> Note that this system was not running winbind, it was not installed.
Thanks for your feedback. I'm closing this bug then.
Regards
--
Mathieu Parent
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>: Bug#821811; Package samba.
(Thu, 23 Jun 2016 10:27:08 GMT)
Acknowledgement sent
to Marco Gaiarin <gaio@sv.lnf.it>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>.
(Thu, 23 Jun 2016 10:27:08 GMT)
Subject: Still bug present... and 'client ipc signing' reported as not valid
option...
Date: Thu, 23 Jun 2016 12:22:53 +0200
I've tried to update to the latest version, 2:3.6.6-6+deb7u10, but as with
the previous version, after some hours/days all clients refuse to
authenticate users, which seems to me to be because the machine account
password could not be updated (so the join becomes invalid).
Also, a note: as stated in the subject, testparm tells me that 'client ipc
signing' is an invalid option, and this sounds strange to me, because
that option is cited in the changelog.
Anyway, I rolled back to 2:3.6.6-6+deb7u7 (pre-badlock); now all works as
expected.
Thanks.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 22 Jul 2016 07:25:42 GMT)