Your message dated Sat, 11 Jun 2011 19:55:12 +0000
with message-id <[email protected]>
and subject line Bug#623190: fixed in samba 2:3.5.6~dfsg-3squeeze4
has caused the Debian Bug report #623190,
regarding 'map untrusted to domain' new default breaks backwards compatibility
with clients outside of the server domain
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
623190: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623190
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:3.5.6~dfsg-3squeeze2
Hi,
I have several Samba servers running in a domain of their own that was
created so that they can all authenticate users from the same set of LDAP
back-end servers. Whereas, their clients aren't part of that domain, they
don't even know about it. It's supposed to be a reasonably simple use
case...
A new global option "map untrusted to domain" was introduced between lenny
and squeeze, and its newly introduced default of "no" blithely broke the
existing behaviour of the above use case, with the manual page proclaiming
it "legacy".
I found this bug after a bunch of users started screaming at me "our valid
passwords are being rejected by the server", and most of the time I was
seeing exactly zero useful information in the log, even at auth log level
100 - the purported reauth attempts they didn't actually communicate their
username again with the server, the only log was something like:
[2011/04/14 12:44:09.035546, 5] auth/auth.c:467(make_auth_context_subsystem)
Making default auth method list for security=domain
[2011/04/14 12:44:09.035579, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2011/04/14 12:44:09.035639, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method guest has a valid init
[2011/04/14 12:44:09.035666, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam
[2011/04/14 12:44:09.035693, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method sam has a valid init
[2011/04/14 12:44:09.035719, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match winbind:ntdomain
[2011/04/14 12:44:09.035747, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match ntdomain
[2011/04/14 12:44:09.035774, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method ntdomain has a valid init
[2011/04/14 12:44:09.035800, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method winbind has a valid init
[2011/04/14 12:44:09.035833, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module guest did not want to specify a challenge
[2011/04/14 12:44:09.035858, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module sam did not want to specify a challenge
[2011/04/14 12:44:09.035884, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module winbind did not want to specify a challenge
[2011/04/14 12:44:09.035917, 5] auth/auth.c:132(get_ntlm_challenge)
auth_context challenge created by random
[2011/04/14 12:44:09.035943, 5] auth/auth.c:133(get_ntlm_challenge)
challenge is:
Please:
a) make the above messages less obfuscated - apparently the implication
from the above sequence is that no modules wanted to have anything to do
with the request, and the client was answered with something that in turn
made no sense to them - that particular use case should be possible to
detect and make it explicit that our internal auth process basically
failed and caused the user a problem
b) provide help for upgraders - add the line to the new default config
file, note the problem in NEWS.Debian, ...
The damage to me and my users was already done :P but hopefully others
can still be saved from this trouble.
TIA.
--
2. That which causes joy or happiness.
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.5.6~dfsg-3squeeze4
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive:
libpam-smbpass_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/libpam-smbpass_3.5.6~dfsg-3squeeze4_i386.deb
libsmbclient-dev_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/libsmbclient-dev_3.5.6~dfsg-3squeeze4_i386.deb
libsmbclient_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/libsmbclient_3.5.6~dfsg-3squeeze4_i386.deb
libwbclient0_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/libwbclient0_3.5.6~dfsg-3squeeze4_i386.deb
samba-common-bin_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/samba-common-bin_3.5.6~dfsg-3squeeze4_i386.deb
samba-common_3.5.6~dfsg-3squeeze4_all.deb
to main/s/samba/samba-common_3.5.6~dfsg-3squeeze4_all.deb
samba-dbg_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/samba-dbg_3.5.6~dfsg-3squeeze4_i386.deb
samba-doc-pdf_3.5.6~dfsg-3squeeze4_all.deb
to main/s/samba/samba-doc-pdf_3.5.6~dfsg-3squeeze4_all.deb
samba-doc_3.5.6~dfsg-3squeeze4_all.deb
to main/s/samba/samba-doc_3.5.6~dfsg-3squeeze4_all.deb
samba-tools_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/samba-tools_3.5.6~dfsg-3squeeze4_i386.deb
samba_3.5.6~dfsg-3squeeze4.debian.tar.gz
to main/s/samba/samba_3.5.6~dfsg-3squeeze4.debian.tar.gz
samba_3.5.6~dfsg-3squeeze4.dsc
to main/s/samba/samba_3.5.6~dfsg-3squeeze4.dsc
samba_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/samba_3.5.6~dfsg-3squeeze4_i386.deb
smbclient_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/smbclient_3.5.6~dfsg-3squeeze4_i386.deb
swat_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/swat_3.5.6~dfsg-3squeeze4_i386.deb
winbind_3.5.6~dfsg-3squeeze4_i386.deb
to main/s/samba/winbind_3.5.6~dfsg-3squeeze4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 11 Jun 2011 11:05:52 +0200
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat
samba-doc samba-doc-pdf libpam-smbpass libsmbclient libsmbclient-dev winbind
samba-dbg libwbclient0
Architecture: source all i386
Version: 2:3.5.6~dfsg-3squeeze4
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Christian Perrier <[email protected]>
Description:
libpam-smbpass - pluggable authentication module for Samba
libsmbclient - shared library for communication with SMB/CIFS servers
libsmbclient-dev - development files for libsmbclient
libwbclient0 - Samba winbind client library
samba - SMB/CIFS file, print, and login server for Unix
samba-common - common files used by both the Samba server and client
samba-common-bin - common files used by both the Samba server and client
samba-dbg - Samba debugging symbols
samba-doc - Samba documentation
samba-doc-pdf - Samba documentation in PDF format
samba-tools - Samba testing utilities
smbclient - command-line SMB/CIFS clients for Unix
swat - Samba Web Administration Tool
winbind - Samba nameservice integration server
Closes: 623190 629183
Changes:
samba (2:3.5.6~dfsg-3squeeze4) stable-proposed-updates; urgency=low
.
* Document the newly introduced "map untrusted to domain" parameter
and its default value that can lead to disruptive behavioral
changes when upgrading from pre-3.5 versions.
Closes: #623190
* Fix "tdb2.so undefined symbol: dyn_get_STATEDIR" by fixing a typo
in fhs-filespath.patch. Closes: #629183, LP: #789097
Checksums-Sha1:
4d4d1333e3e5b99b0d1ac469a0bd4c39add71425 2957 samba_3.5.6~dfsg-3squeeze4.dsc
a81713a9b1bdcd6c13a92fb8ddbedee740126681 527642
samba_3.5.6~dfsg-3squeeze4.debian.tar.gz
0f9d9e9bfb990846fbce78eb18a9f22ef29bc46f 387644
samba-common_3.5.6~dfsg-3squeeze4_all.deb
628f4315f90d0eec090643dd2f8d0789e2d94c3c 1729442
samba-doc_3.5.6~dfsg-3squeeze4_all.deb
5dc8a523d9c7c631cd5b7ba16f81e4ca5e1adb0d 7108508
samba-doc-pdf_3.5.6~dfsg-3squeeze4_all.deb
63b8389234a6ff9dfecec48fba472b9bd1397b86 7637128
samba_3.5.6~dfsg-3squeeze4_i386.deb
141a4827d5d1257ace39ea06537a2ccecbeb08e9 5844906
samba-common-bin_3.5.6~dfsg-3squeeze4_i386.deb
7210bd9a1fd53d4cc59d78d09e3d0ac8259ba55c 10600676
samba-tools_3.5.6~dfsg-3squeeze4_i386.deb
5be26f54518692ef59f6bc80f643eaf73393d2fd 13841712
smbclient_3.5.6~dfsg-3squeeze4_i386.deb
210321c0f8b0bb60556934af2557791adf2a3cb4 2267234
swat_3.5.6~dfsg-3squeeze4_i386.deb
c52bb915f552454f5db228ea927f1e4acbe1bda5 829270
libpam-smbpass_3.5.6~dfsg-3squeeze4_i386.deb
c5d11f5e877f354df2e781f98e1b9f7a33323e23 1970618
libsmbclient_3.5.6~dfsg-3squeeze4_i386.deb
74a652ed3361922a592eed4d0c36598a5e6329eb 2899266
libsmbclient-dev_3.5.6~dfsg-3squeeze4_i386.deb
e6e14c369309e1f2630f1f58a82436dc3bf53f7f 5295908
winbind_3.5.6~dfsg-3squeeze4_i386.deb
899d8186285e96d46fe87418fbb2b9c2928b74e0 57312532
samba-dbg_3.5.6~dfsg-3squeeze4_i386.deb
2d25ae16ba72aa0a2188a2d63f0400633f97dd6b 112842
libwbclient0_3.5.6~dfsg-3squeeze4_i386.deb
Checksums-Sha256:
ee11535ba0dca9abdead646acea1b5616aa00f30cc2b2dc964e042662c3cc541 2957
samba_3.5.6~dfsg-3squeeze4.dsc
350acd3fa186ff851446ab9cdd85d86e8a8cb2c871f4ae7d3e740d70277bf29f 527642
samba_3.5.6~dfsg-3squeeze4.debian.tar.gz
e74ecfe3abfd4fa35df41fcbb3321a0934265ce967360621b315d5d6cc17d795 387644
samba-common_3.5.6~dfsg-3squeeze4_all.deb
44b944a641009a460994c09e43e153f8cf9622a5b2ffd8cbcf74aa27e662a752 1729442
samba-doc_3.5.6~dfsg-3squeeze4_all.deb
fe642defbc90e002d567ee6326c5708fbb77f9bfafea95fc506ae0d7e7ce081c 7108508
samba-doc-pdf_3.5.6~dfsg-3squeeze4_all.deb
68760903f6296fbcf8d2bba8c4b92affdb46fe785107bf69e454961e11a9f7a1 7637128
samba_3.5.6~dfsg-3squeeze4_i386.deb
8205dab07222b13c90e40ef12a15ed5dcbe3feeff642c2c9e582023f4509f6e2 5844906
samba-common-bin_3.5.6~dfsg-3squeeze4_i386.deb
0dc535de2334906b70100eac51de220daaa34c831e3eb978b0eeea866b5095b3 10600676
samba-tools_3.5.6~dfsg-3squeeze4_i386.deb
73843d35c21f557307693c72f8080083df89ce078df77ab363feae8fd7f60dee 13841712
smbclient_3.5.6~dfsg-3squeeze4_i386.deb
55affc587f554e463772d94433f40cf1dee504dfdca099166b65e746d71a46f8 2267234
swat_3.5.6~dfsg-3squeeze4_i386.deb
8ad8bdd4e63a580c4f1e5b95f0456ccde9439ee71cbd4839a42e7ec2ad4c4f64 829270
libpam-smbpass_3.5.6~dfsg-3squeeze4_i386.deb
44a1796fbe0e69e959e3429c3877c8e8104de6cc04afea52c4936a54d3225e9f 1970618
libsmbclient_3.5.6~dfsg-3squeeze4_i386.deb
2f21766835a7d46745c056cec6648ae75aee99e329a062cd9f71efa76d7c4374 2899266
libsmbclient-dev_3.5.6~dfsg-3squeeze4_i386.deb
4920af3893f90efb87607d89c9ce5cb47ed08c677a97bdc86247f9cdec4105b2 5295908
winbind_3.5.6~dfsg-3squeeze4_i386.deb
264b1b7ab1034dd74413c84660e95db68631f4f4e482a3b9f523ededff5fbe03 57312532
samba-dbg_3.5.6~dfsg-3squeeze4_i386.deb
fcb42dc2987c68c0d7e55522406b935a0fb7046be04d562cf50ae9bc522f33ba 112842
libwbclient0_3.5.6~dfsg-3squeeze4_i386.deb
Files:
e50715f9cde6dcfbccd57645dd193830 2957 net optional
samba_3.5.6~dfsg-3squeeze4.dsc
3e3415c656c608dd2b1b118fa79089e3 527642 net optional
samba_3.5.6~dfsg-3squeeze4.debian.tar.gz
2c7c516e70c5cfbedcc88f8ae0c4f8db 387644 net optional
samba-common_3.5.6~dfsg-3squeeze4_all.deb
3b4ca7dc5392f17c46e977a8572484b4 1729442 doc optional
samba-doc_3.5.6~dfsg-3squeeze4_all.deb
ffbbd27de79591dbfc75d75f60ba26e7 7108508 doc optional
samba-doc-pdf_3.5.6~dfsg-3squeeze4_all.deb
840f90833bdb95190835129fcb933b8f 7637128 net optional
samba_3.5.6~dfsg-3squeeze4_i386.deb
6ea6ab9eaac9e7197997f5562a7ac830 5844906 net optional
samba-common-bin_3.5.6~dfsg-3squeeze4_i386.deb
59fe685743d8b1be7de4f7b7a3c8bf65 10600676 net optional
samba-tools_3.5.6~dfsg-3squeeze4_i386.deb
379437562851c4def0be857e82eafc5a 13841712 net optional
smbclient_3.5.6~dfsg-3squeeze4_i386.deb
9c85a186f521cdf620c83bf1ffd08526 2267234 net optional
swat_3.5.6~dfsg-3squeeze4_i386.deb
b5132da2fe8a8837ccf364b638ce02d4 829270 admin extra
libpam-smbpass_3.5.6~dfsg-3squeeze4_i386.deb
024fc518eec75bbdea9f7e0efd74abfe 1970618 libs optional
libsmbclient_3.5.6~dfsg-3squeeze4_i386.deb
6d5b2a2951d66489cfc0b0c1dfd2e84d 2899266 libdevel extra
libsmbclient-dev_3.5.6~dfsg-3squeeze4_i386.deb
7db09b61d28263797edb381908300881 5295908 net optional
winbind_3.5.6~dfsg-3squeeze4_i386.deb
647694cd0e732f1b36700fe5fd96ed5b 57312532 debug extra
samba-dbg_3.5.6~dfsg-3squeeze4_i386.deb
34eccc84b32a78fd04d7800a0e38b364 112842 libs optional
libwbclient0_3.5.6~dfsg-3squeeze4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUBTfNaHocvcCxNbiWoAQLoaw/6A/BbdTxU9japWpvFo0ACR2y+mowqTWm9
Dfj3sjCyVmr1LOINU4RpShW7WpJqzV7/u5d3dFNG1wRb3OsCqQm5WkN+f+OJRZpb
MvaiMbHb+ewLXJE4HR4KMIa9mfIkQK2hVjuH1gIXHQ7YgDnNYVQ+wBbJK4e2QhDy
uuJEYHTF3w+lOW5LJ+bW/k5pfsyEyakSIuFkaaGZNVzOseyBaQNetdisdCZlekpq
UYRkhEY7SwUETjtZ421w9gbYxZBUitGuBAL34kcrkmXSC+bxdjbAbAYs68JLAMCz
BrY6x1KjK0YvPNxho/ewkatSY9W1b1b7S77p8Za93MN8wKCD2sgCPW6KKl2LuNse
mAGwT1r9A0ImLRy3TRD70/8GMwA+YWJO2sYAKRdpgeTec3Z3z/i5M5eiqMtopJ0h
fn602+rxTwzpCnEllWzfcUh97nrac/tpXeAh8L/jaN6kjDTV02uVFB7vGXpg2n21
GF6Yzi7pRe0YZIWlqAu3AXrCT6FvfpEpPJ0brZDbCC9YdvJ2X+ZXsNFLuOI4Ezx+
IY0mGxL2wTvCLebkr7+mlxptCUxMbzrkntvorv9OLTjqlvijjRuR3TCGOZKnITCk
+bIjTaLGb+TZbGApmaMkY6xwDSySH+B26vLT/+RkzaDPlAvEPDHcF0gfQeaULWpW
oqxI3YQs7ak=
=Qiqp
-----END PGP SIGNATURE-----
--- End Message ---
