Bug 165607 - Interoperability problems with Win2003-SP1 & Win2000-SP4.SR1
Summary: Interoperability problems with Win2003-SP1 & Win2000-SP4.SR1
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: samba
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: David Lawrence
Keywords: Reopened
Depends On:
TreeView+ depends on / blocked
Reported: 2005-08-10 19:06 UTC by Pasi Sjöholm
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2007-10-19 18:56:18 UTC

Attachments (Terms of Use)

Description Pasi Sjöholm 2005-08-10 19:06:27 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
Winbindd stopped working after upgrading Windows machines. Fixed in Samba 3.0.20.

Release Notes for Samba 3.0.20rc1

    * Disable schannel on the LSA and SAMR pipes in winbindd client 
      code to deal with Windows 2003 SP1 and Windows 2000 SP4 SR1.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Upgrade your windows servers

Additional info:

Comment 1 Jay Fenlason 2005-08-10 19:48:31 UTC

*** This bug has been marked as a duplicate of 156068 ***

Comment 2 Pasi Sjöholm 2005-11-15 18:49:59 UTC
Actually this bug is not the same as 156068.
The newest redhat's samba package does not authenticate againts windows when 
using security=domain.

However 2.0.20a is working fine.

Samba 2.0.20a release notes:

Winbind, security = domain, and Active Directory

Recent security updates for Windows 2000 and Windows 2003 have 
changed the fashion in which user and group lists can be obtained 
from domain controllers.  In short, the RPC mechanisms used by 
"security = domain" to retrieve users and groups is not compatible 
with these changes.   The "security = ads" configuration is not 
affected by the Windows protocol changes.

Samba developers are actively working to correct this problem in 
the 3.0.21 release.  In the meantime, Administrators who are unable 
to migrate to "security = ads" and must continue using "security = 
domain", can define credentials to be used by winbindd for account
enumeration by executing the following command as root.

	wbinfo --set-auth-user='DOMAIN\username%password'

Comment 3 Red Hat Bugzilla 2007-02-05 19:16:31 UTC
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 4 RHEL Product and Program Management 2007-10-19 18:56:18 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.