Description of problem: Samba3x needs to update to version 3.3.5 (for the main tarball). The compelling reason for this update is that versions prior to 3.3.5 had a broken implementation of two fundamental security subsystems: a) netlogon credential chain b) samr access checks ad a) When Samba3x is run as a domain controller on a server, machines cannot join and users cannot correctly authenticate against Samba3x as the netlogon dcerpc server will deny access unconditionally. ad b) When Samba3x is run as a domain controller on a server, machines cannot access the user and group list which means clients such as windows or linux running winbindd are not able to retrieve the list of user and groups from a Samba DC, completely blocking access control among many other things. Version-Release number of selected component (if applicable): samba3x-3.3.4 How reproducible: join a windows or linux client to a Samba3x domain and try to authenticate and enumerate the user and group list. Steps to Reproduce: 1. configure a samba3x dc with a few users 2. call "net rpc join" from a linux client 3. verify join using "net rpc testjoin" 4. start winbindd 5. call "wbinfo -u" and "wbinfo -g" Actual results: step 3.) will return access denied step 5.) will return a generic error Expected results: step 3.) needs to return ok step 5.) needs to return users and groups Additional info:
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0301.html