Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 713466

Summary: Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth
Product: Red Hat Enterprise Linux 5 Reporter: Tom Diehl <me>
Component: samba3xAssignee: Guenther Deschner <gdeschner>
Status: CLOSED ERRATA QA Contact: Martin Cermak <mcermak>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.6CC: acavalla, azelinka, dpal, mcermak, prc
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: samba3x-3.5.4-0.88.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-21 05:44:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom Diehl 2011-06-15 13:48:04 UTC 
Description of problem:Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth. 


Version-Release number of selected component (if applicable):

samba3x-3.5.4-0.70.el5_6.1.x86_64


How reproducible: Always


Steps to Reproduce:
1.Upgrade samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64
2. Run the following command /usr/bin/ntlm_auth --username=myuser
3. 
  
Actual results:

[2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE(PAM:4)

Expected results:
NT_STATUS_OK: Success (0x0)

Additional info: downgrading samba 3x to samba3x-3.3.8-0.52.el5_5.2 fixes the problem.

After down grading running the following command now works.

(indy pts3) # /usr/bin/ntlm_auth --username=myuser
password:

NT_STATUS_OK: Success (0x0)
(indy pts3)#

In addition I get the following in the logs:

[2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)init_sam_from_ldap: Entry found for user: myuser
[2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] -> [myuser] -> [myuser] succeeded
Comment 2 Guenther Deschner 2011-06-16 22:08:30 UTC 
are you running ntlm_auth on a DC or on a MEMBER server ?
Comment 3 Tom Diehl 2011-06-16 23:44:17 UTC 
It is running on a DC.
Comment 30 errata-xmlrpc 2012-02-21 05:44:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0156.html