Package: samba Version: 2:3.6.3-1 Severity: important Hello,
I used Samba 3.4.8 on Lenny for Wi-Fi authentification with Freeradius+EAP/MSCHAPv2+ntlm_auth. I upgraded to Squeeze friday. Firstly, I need to use samba from Sid because #612049 ; secondly, I have a bug/regression : when a workstation (XP or Seven) try to authenticate, I have this error: [2012/02/05 11:16:24.418248, 2] auth/check_samsec.c:283(sam_account_ok) sam_account_ok: Wksta trust account hostname$ denied by server [2012/02/05 11:16:24.418323, 2] winbindd/winbindd_pam.c:1883(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [DOMAINE]\[HOSTNAME$] returned NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (PAM: 9) Then all workstations fail to authenticate and have Wi-Fi :-( For your information, I look in Samba 3 source code, and I find this condition in auth/check_samsec.c file: if (acct_ctrl & ACB_WSTRUST) { if (!(user_info->logon_parameters & MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) { DEBUG(2,("sam_account_ok: Wksta trust account %s denied by server\n", pdb_get_username(sampass))); return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; } } I don't think workstations stop to send MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flag, then the bug is probably with handling logon_parameters. Samba bug 8548[*] is interessant but the fix is already in 3.6.3 ! Another information, I try a crapy hack: disable this condition in source code and rebuild samba package: it works well. [*] https://bugzilla.samba.org/show_bug.cgi?id=8548 Regards, -- Gregory Colpart <r...@evolix.fr> GnuPG:4096R/B8612B5D Evolix - Informatique et Logiciels Libres http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org