Package: samba
Version: 2:3.6.3-1
Severity: important
Hello,
I used Samba 3.4.8 on Lenny for Wi-Fi authentification
with Freeradius+EAP/MSCHAPv2+ntlm_auth. I upgraded to
Squeeze friday. Firstly, I need to use samba from Sid because
#612049 ; secondly, I have a bug/regression : when a workstation
(XP or Seven) try to authenticate, I have this error:
[2012/02/05 11:16:24.418248, 2] auth/check_samsec.c:283(sam_account_ok)
sam_account_ok: Wksta trust account hostname$ denied by server
[2012/02/05 11:16:24.418323, 2]
winbindd/winbindd_pam.c:1883(winbindd_dual_pam_auth_crap)
NTLM CRAP authentication for user [DOMAINE]\[HOSTNAME$] returned
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9)
Then all workstations fail to authenticate and have Wi-Fi :-(
For your information, I look in Samba 3 source code, and I find
this condition in auth/check_samsec.c file:
if (acct_ctrl & ACB_WSTRUST) {
if (!(user_info->logon_parameters &
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) {
DEBUG(2,("sam_account_ok: Wksta trust account %s denied by
server\n", pdb_get_username(sampass)));
return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
}
}
I don't think workstations stop to send MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
flag,
then the bug is probably with handling logon_parameters. Samba bug 8548[*] is
interessant but the fix is already in 3.6.3 ! Another information, I try a
crapy hack:
disable this condition in source code and rebuild samba package: it works well.
[*] https://bugzilla.samba.org/show_bug.cgi?id=8548
Regards,
--
Gregory Colpart <r...@evolix.fr> GnuPG:4096R/B8612B5D
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
