Bug 1461434 - Changetrustpw throws NT_STATUS_INVALID_PARAMETER
Changetrustpw throws NT_STATUS_INVALID_PARAMETER
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: samba (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Andreas Schneider
Andrej Dzilský
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-14 08:51 EDT by Andrej Dzilský
Modified: 2017-08-15 05:02 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 3 Andreas Schneider 2017-06-19 06:53:36 EDT
samba-cli01:~ # net ads join -UAdministrator%Secret007!
Using short domain name -- EARTH
Joined 'SAMBA-CLI01' to dns domain 'earth.milkyway.site'

samba-cli01:~ # net ads testjoin
Join is OK

samba-cli01:~ # net rpc changetrustpw
2017/06/19 12:38:05 : trust_pw_change(EARTH): Verified old password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]
2017/06/19 12:38:05 : trust_pw_change(EARTH): Changed password locally
2017/06/19 12:38:05 : trust_pw_change(EARTH): Changed password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]
2017/06/19 12:38:05 : trust_pw_change(EARTH): Verified new password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]

samba-cli01:~ # net ads testjoin
Join is OK

samba-cli01:~ # net rpc changetrustpw -S win-dc02 -I 192.168.100.20
2017/06/19 12:41:15 : trust_pw_change(EARTH): Verified old password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]
2017/06/19 12:41:15 : trust_pw_change(EARTH): Changed password locally
2017/06/19 12:41:15 : trust_pw_change(EARTH): Changed password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]
2017/06/19 12:41:15 : trust_pw_change(EARTH): Verified new password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC02/EARTH]

samba-cli01:~ # net ads testjoin
Join is OK



It works for me against Windows 2008 R2. I have to test with Windows 2003, maybe something is wrong there. I've also checked, we have a test for this command upstream.
Comment 4 Andreas Schneider 2017-06-19 07:34:51 EDT
This is against Windows 2003:

samba-cli01:~ # net ads join -UAdministrator%Secret007!
Using short domain name -- VENUS
Joined 'SAMBA-CLI01' to dns domain 'venus.milkyway.site'
No DNS domain configured for samba-cli01. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
samba-cli01:~ # net ads testjoin
Join is OK
samba-cli01:~ # net rpc changetrustpw
2017/06/19 13:33:59 : trust_pw_change(VENUS): Verified old password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC05/VENUS]
2017/06/19 13:33:59 : trust_pw_change(VENUS): Changed password locally
2017/06/19 13:33:59 : trust_pw_change(VENUS): Changed password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC05/VENUS]
2017/06/19 13:33:59 : trust_pw_change(VENUS): Verified new password remotely using netlogon_creds_cli:CLI[SAMBA-CLI01/SAMBA-CLI01$]/SRV[WIN-DC05/VENUS]


I'm not able to reproduce this!
Comment 5 Andreas Schneider 2017-06-19 10:34:43 EDT
Anything on your side what is special in that test of yours? I can't reproduce this.
Comment 6 Andreas Schneider 2017-06-20 09:45:23 EDT
Moving to 7.5
Comment 8 Andreas Schneider 2017-06-21 10:09:00 EDT
Ok, as it is with 'security = domain' and ADS I do not see an urgent need to fix this. So I think it is fine to check for RHEL 7.5.
Comment 9 Alexander Bokovoy 2017-07-04 11:04:08 EDT
It may be related to 5b8ed5009bb4868c1391841193a3911fb0681cb5 which now sends SPNEGO in 4.6.0 but wasn't doing it at this stage of negotiation in 4.4.
Comment 10 Andrej Dzilský 2017-08-15 05:02:06 EDT
It's happening on 4.6.2 samba too :/

Note You need to log in before you can comment on or make changes to this bug.