713466 – Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth

Bug 713466 - Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth

Summary: Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	samba3x
Sub Component:
Version:	5.6
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Guenther Deschner
QA Contact:	Martin Cermak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-06-15 13:48 UTC by Tom Diehl
Modified:	2018-11-14 12:02 UTC (History)
CC List:	5 users (show)
Fixed In Version:	samba3x-3.5.4-0.88.el5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-21 05:44:00 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0156	0	normal	SHIPPED_LIVE	samba3x bug fix and enhancement update	2012-02-20 14:54:20 UTC

Description Tom Diehl 2011-06-15 13:48:04 UTC

Description of problem:Upgrading samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64 breaks ntlm auth. 


Version-Release number of selected component (if applicable):

samba3x-3.5.4-0.70.el5_6.1.x86_64


How reproducible: Always


Steps to Reproduce:
1.Upgrade samba3x to samba3x-3.5.4-0.70.el5_6.1.x86_64
2. Run the following command /usr/bin/ntlm_auth --username=myuser
3. 
  
Actual results:

[2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE(PAM:4)

Expected results:
NT_STATUS_OK: Success (0x0)

Additional info: downgrading samba 3x to samba3x-3.3.8-0.52.el5_5.2 fixes the problem.

After down grading running the following command now works.

(indy pts3) # /usr/bin/ntlm_auth --username=myuser
password:

NT_STATUS_OK: Success (0x0)
(indy pts3)#

In addition I get the following in the logs:

[2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571)init_sam_from_ldap: Entry found for user: myuser
[2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] -> [myuser] -> [myuser] succeeded

Comment 2 Guenther Deschner 2011-06-16 22:08:30 UTC

are you running ntlm_auth on a DC or on a MEMBER server ?

Comment 3 Tom Diehl 2011-06-16 23:44:17 UTC

It is running on a DC.

Comment 30 errata-xmlrpc 2012-02-21 05:44:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0156.html

Note You need to log in before you can comment on or make changes to this bug.