From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050331 Camino/0.8.3 Description of problem: When authenticating against Windows 2003 SP1, there is a problem with LSAOPEN that doesn't occur with non-SP1 systems. This is fixed in Samba 3.0.14. Specifically, this appears to be the patch for the problem against 3.0.13... http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch Version-Release number of selected component (if applicable): samba-common-3.0.10-1.4E How reproducible: Always Steps to Reproduce: 1. Setup system-config-authentication to use winbind against a 2003 server (non-sp1) 2. Check authentication. Works. 3. Upgradet 2003 server to SP1 4. Check authentication. Doesn't work. 5. Remove SP1 from 2003 server. 6. Check authentication. Works again. Additional info:
The temporary workaround for this is to set the following in the [global] section of the smb.conf file: "client schannel = no" This allows samba to fall back to an alternate crypto api and work with 2003sp1
Will build a 3.0.10-1.4E-based Samba RPM for RHEL4 and try this patch out and report back on how it works. I have a Windows 2003 server here in my test environ so should be able to confirm if it works. Will post an update here to advise. --vince
Work around provided by Marcin works. Also the FC4 samba RPM works without the workaround (on FC4. Did not attempt to recompile for RHEL3/4) Tarun
Will we see an updated samba package for RHEL 4 (and possibly FC3 as well) in the forseable future?
I'm surprised to see that a fix was just released for RHEL 3, but not RHEL 4. Hopefully that will follow soon. http://rhn.redhat.com/errata/RHBA-2005-634.html
I just found out there is a beta fix available on the RHEL 4 beta channel: https://rhn.redhat.com/network/software/packages/details.pxt?pid=321817
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-629.html