Red Hat Bugzilla – Bug 154558
Winbind refuses to authenticate against Windows 2003 SP1
Last modified: 2014-08-31 19:27:23 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050331 Camino/0.8.3
Description of problem:
When authenticating against Windows 2003 SP1, there is a problem with LSAOPEN that doesn't occur with non-SP1 systems. This is fixed in Samba 3.0.14.
Specifically, this appears to be the patch for the problem against 3.0.13...
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup system-config-authentication to use winbind against a 2003 server (non-sp1)
2. Check authentication. Works.
3. Upgradet 2003 server to SP1
4. Check authentication. Doesn't work.
5. Remove SP1 from 2003 server.
6. Check authentication. Works again.
The temporary workaround for this is to set the following in the [global]
section of the smb.conf file:
"client schannel = no"
This allows samba to fall back to an alternate crypto api and work with 2003sp1
Will build a 3.0.10-1.4E-based Samba RPM for RHEL4 and try this patch out and
report back on how it works. I have a Windows 2003 server here in my test
environ so should be able to confirm if it works. Will post an update here to
Work around provided by Marcin works. Also the FC4 samba RPM works without the
workaround (on FC4. Did not attempt to recompile for RHEL3/4)
Will we see an updated samba package for RHEL 4 (and possibly FC3 as well) in
the forseable future?
I'm surprised to see that a fix was just released for RHEL 3, but not RHEL 4.
Hopefully that will follow soon.
I just found out there is a beta fix available on the RHEL 4 beta channel:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.