144357 – upgrade of 3.0.7 -> 3.0.9 breaks winbind in ADS

Bug 144357 - upgrade of 3.0.7 -> 3.0.9 breaks winbind in ADS

Summary: upgrade of 3.0.7 -> 3.0.9 breaks winbind in ADS

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-01-06 14:49 UTC by Tom Seeley
Modified:	2014-08-31 23:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-13 15:13:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
smb.conf (sensitive names modified to protect the innocent) (1011 bytes, text/plain) 2005-01-06 15:20 UTC, Tom Seeley	no flags	Details
View All

Description Tom Seeley 2005-01-06 14:49:21 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.5)
Gecko/20041110 Firefox/1.0

Description of problem:
After upgrading from:

samba-*-3.0.7-1.3E.1

to:

samba-*-3.0.9-1.3E.1

Winbind stops working.  The following commands now fail:

# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

The above results in the following entry in /var/log/samba/winbindd.log :

[2005/01/06 14:18:06, 1] nsswitch/winbindd_cm.c:cm_open_connection(333)
  failed tcon_X with NT_STATUS_ACCESS_DENIED




Version-Release number of selected component (if applicable):
samba-3.0.9-1.3E.1

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to samba-3.0.9-1.3E.1
2. Try and authenticate against ADS using winbind.  OR run wbinfo -t
3.
  

Actual Results:  The user is not authenticated.  AND :
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

Expected Results:  User is authenticated.  AND :

# wbinfo -t
checking the trust secret via RPC calls succeeded

Additional info:

I thought about adding this to #139668 but my problem doesn't seem to
have anything todo with Encryption types, and is happening with later
rpms.

As stated above the problem occurs after upgrading; regressing back to
3.0.7-1.3E.1 fixes the problem.

wbinfo -t works with 3.0.7-1.3E.1 but fails on 3.0.9-1.3E.1

getent passwd and getent group works with both but the output has
changed in 3.0.9-1.3E.1  (the computer names are now lowercase).

Comment 1 Jay Fenlason 2005-01-06 15:06:18 UTC

Did you also install the latest krb5 rpms?  Can you attach your 
smb.conf files to this bug report?

Comment 2 Tom Seeley 2005-01-06 15:20:14 UTC

Created attachment 109424 [details]
smb.conf (sensitive names modified to protect the innocent)

Comment 3 Tom Seeley 2005-01-06 15:21:42 UTC

krb5 rpms:

# rpm -qa krb5*
krb5-libs-1.2.7-31
krb5-devel-1.2.7-31
krb5-workstation-1.2.7-31

Comment 4 Tom Seeley 2005-01-06 16:07:41 UTC

Looks like I somehow missed samba-3.0.9-1.3E.2  which despite the fact
that it would appear to just be a spec file change and a fix for
64-bit (which I'm not using) fixes the above problem.

Oh well.

Comment 5 Jay Fenlason 2005-01-12 22:12:52 UTC

So did installing samba-3.0.9-1.3E.2 fix your problem?  Ifso, can we 
close this bug report?

Comment 6 Tom Seeley 2005-01-13 10:43:50 UTC

It did, and you can.  Thanks.

Note You need to log in before you can comment on or make changes to this bug.