Bug 713466 - Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth
Summary: Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba3x
Version: 5.6
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: Guenther Deschner
QA Contact: Martin Cermak
Depends On:
TreeView+ depends on / blocked
Reported: 2011-06-15 13:48 UTC by Tom Diehl
Modified: 2018-11-14 12:02 UTC (History)
5 users (show)

Fixed In Version: samba3x-3.5.4-0.88.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-02-21 05:44:00 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0156 0 normal SHIPPED_LIVE samba3x bug fix and enhancement update 2012-02-20 14:54:20 UTC

Description Tom Diehl 2011-06-15 13:48:04 UTC
Description of problem:Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth. 

Version-Release number of selected component (if applicable):


How reproducible: Always

Steps to Reproduce:
1.Upgrade samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64
2. Run the following command /usr/bin/ntlm_auth --username=myuser
Actual results:

[2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE(PAM:4)

Expected results:
NT_STATUS_OK: Success (0x0)

Additional info: downgrading samba 3x to samba3x-3.3.8-0.52.el5_5.2 fixes the problem.

After down grading running the following command now works.

(indy pts3) # /usr/bin/ntlm_auth --username=myuser

NT_STATUS_OK: Success (0x0)
(indy pts3)#

In addition I get the following in the logs:

[2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)init_sam_from_ldap: Entry found for user: myuser
[2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] -> [myuser] -> [myuser] succeeded

Comment 2 Guenther Deschner 2011-06-16 22:08:30 UTC
are you running ntlm_auth on a DC or on a MEMBER server ?

Comment 3 Tom Diehl 2011-06-16 23:44:17 UTC
It is running on a DC.

Comment 30 errata-xmlrpc 2012-02-21 05:44:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.