Bug 144357 - upgrade of 3.0.7 -> 3.0.9 breaks winbind in ADS
upgrade of 3.0.7 -> 3.0.9 breaks winbind in ADS
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-06 09:49 EST by Tom Seeley
Modified: 2014-08-31 19:27 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-13 10:13:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
smb.conf (sensitive names modified to protect the innocent) (1011 bytes, text/plain)
2005-01-06 10:20 EST, Tom Seeley
no flags Details

  None (edit)
Description Tom Seeley 2005-01-06 09:49:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.5)
Gecko/20041110 Firefox/1.0

Description of problem:
After upgrading from:

samba-*-3.0.7-1.3E.1

to:

samba-*-3.0.9-1.3E.1

Winbind stops working.  The following commands now fail:

# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

The above results in the following entry in /var/log/samba/winbindd.log :

[2005/01/06 14:18:06, 1] nsswitch/winbindd_cm.c:cm_open_connection(333)
  failed tcon_X with NT_STATUS_ACCESS_DENIED




Version-Release number of selected component (if applicable):
samba-3.0.9-1.3E.1

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to samba-3.0.9-1.3E.1
2. Try and authenticate against ADS using winbind.  OR run wbinfo -t
3.
  

Actual Results:  The user is not authenticated.  AND :
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

Expected Results:  User is authenticated.  AND :

# wbinfo -t
checking the trust secret via RPC calls succeeded

Additional info:

I thought about adding this to #139668 but my problem doesn't seem to
have anything todo with Encryption types, and is happening with later
rpms.

As stated above the problem occurs after upgrading; regressing back to
3.0.7-1.3E.1 fixes the problem.

wbinfo -t works with 3.0.7-1.3E.1 but fails on 3.0.9-1.3E.1

getent passwd and getent group works with both but the output has
changed in 3.0.9-1.3E.1  (the computer names are now lowercase).
Comment 1 Jay Fenlason 2005-01-06 10:06:18 EST
Did you also install the latest krb5 rpms?  Can you attach your 
smb.conf files to this bug report? 
Comment 2 Tom Seeley 2005-01-06 10:20:14 EST
Created attachment 109424 [details]
smb.conf (sensitive names modified to protect the innocent)
Comment 3 Tom Seeley 2005-01-06 10:21:42 EST
krb5 rpms:

# rpm -qa krb5*
krb5-libs-1.2.7-31
krb5-devel-1.2.7-31
krb5-workstation-1.2.7-31
Comment 4 Tom Seeley 2005-01-06 11:07:41 EST
Looks like I somehow missed samba-3.0.9-1.3E.2  which despite the fact
that it would appear to just be a spec file change and a fix for
64-bit (which I'm not using) fixes the above problem.

Oh well.
Comment 5 Jay Fenlason 2005-01-12 17:12:52 EST
So did installing samba-3.0.9-1.3E.2 fix your problem?  Ifso, can we 
close this bug report? 
Comment 6 Tom Seeley 2005-01-13 05:43:50 EST
It did, and you can.  Thanks.

Note You need to log in before you can comment on or make changes to this bug.