Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 154558 - Winbind refuses to authenticate against Windows 2003 SP1
Summary: Winbind refuses to authenticate against Windows 2003 SP1
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba
Version: 4.0
Hardware: i686
OS: Linux
Target Milestone: ---
: ---
Assignee: Jay Fenlason
QA Contact: David Lawrence
URL: http://us1.samba.org/samba/history/sa...
Depends On:
Blocks: 156323
TreeView+ depends on / blocked
Reported: 2005-04-12 17:53 UTC by Tarun Reddy
Modified: 2014-08-31 23:27 UTC (History)
7 users (show)

Fixed In Version: RHBA-2005-629
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-05 15:33:54 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:629 0 qe-ready SHIPPED_LIVE Updated Samba packages 2005-10-05 04:00:00 UTC

Description Tarun Reddy 2005-04-12 17:53:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050331 Camino/0.8.3

Description of problem:
When authenticating against Windows 2003 SP1, there is a problem with LSAOPEN that doesn't occur with non-SP1 systems. This is fixed in Samba 3.0.14.

Specifically, this appears to be the patch for the problem against 3.0.13...


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Setup system-config-authentication to use winbind against a 2003 server (non-sp1)
2. Check authentication. Works.
3. Upgradet 2003 server to SP1
4. Check authentication. Doesn't work.
5. Remove SP1 from 2003 server.
6. Check authentication. Works again.

Additional info:

Comment 6 Marcin Krzysztof Porwit 2005-06-01 23:47:03 UTC
The temporary workaround for this is to set the following in the [global]
section of the smb.conf file:
  "client schannel = no"
This allows samba to fall back to an alternate crypto api and work with 2003sp1

Comment 10 Vince Worthington 2005-06-15 19:15:53 UTC
Will build a 3.0.10-1.4E-based Samba RPM for RHEL4 and try this patch out and
report back on how it works.  I have a Windows 2003 server here in my test
environ  so should be able to confirm if it works.  Will post an update here to


Comment 14 Tarun Reddy 2005-07-06 15:30:27 UTC
Work around provided by Marcin works. Also the FC4 samba RPM works without the
workaround (on FC4. Did not attempt to recompile for RHEL3/4)


Comment 15 David Jansen 2005-07-21 12:57:03 UTC
Will we see an updated samba package for RHEL 4 (and possibly FC3 as well) in
the forseable future?

Comment 18 Matt Seitz 2005-09-28 16:33:53 UTC
I'm surprised to see that a fix was just released for RHEL 3, but not RHEL 4. 
Hopefully that will follow soon.


Comment 19 Matt Seitz 2005-09-28 16:49:30 UTC
I just found out there is a beta fix available on the RHEL 4 beta channel:


Comment 20 Red Hat Bugzilla 2005-10-05 15:33:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.