Description of problem:Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth. Version-Release number of selected component (if applicable): samba3x-3.5.4-0.70.el5_6.1.x86_64 How reproducible: Always Steps to Reproduce: 1.Upgrade samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 2. Run the following command /usr/bin/ntlm_auth --username=myuser 3. Actual results: [2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE(PAM:4) Expected results: NT_STATUS_OK: Success (0x0) Additional info: downgrading samba 3x to samba3x-3.3.8-0.52.el5_5.2 fixes the problem. After down grading running the following command now works. (indy pts3) # /usr/bin/ntlm_auth --username=myuser password: NT_STATUS_OK: Success (0x0) (indy pts3)# In addition I get the following in the logs: [2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)init_sam_from_ldap: Entry found for user: myuser [2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] -> [myuser] -> [myuser] succeeded
are you running ntlm_auth on a DC or on a MEMBER server ?
It is running on a DC.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0156.html