We too have never used winbind, same as Jared Heath. Maybe that's the
reason why the update still doesn't solve the problem in our
environment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1954342
I have this problem in all our environments.
I see this in the above quote from the patch"As we require a running
winbindd for domain member setups"
Since when? We don't use winbindd and never havethis worked until
this week.
--
You received this bug notification because you are a
Thank you. I've tried to install the new version of the package for our
release (18.04), samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.27, as suggested
by Marc Deslauriers. Unfortunately I see the same behavior, so I had to
roll back again.
--
You received this bug notification because you are a member
The following updates may help with this issue in certain environments:
https://ubuntu.com/security/notices/USN-5174-2
https://ubuntu.com/security/notices/USN-5142-3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have uploaded packages that include an additional regression fix into
the security team PPA here:
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Unfortunately the whole point of the security update was to change how
name lookups work. There is more information on the changes in the
upstream advisory here:
https://www.samba.org/samba/security/CVE-2020-25717.html
--
You received this bug notification because you are a member of Ubuntu
Hi,
yes the security fixes in
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.26
might have affected that. Thanks Lorenzo for already identifying a candidate
and a config based workaround.
Assigning to security-team to have a look (as usual) at update
regressions.
**
I think I've found the problem:
Quoting from the last patch:
From: Ralph Boehme
Date: Fri, 8 Oct 2021 12:33:16 +0200
Subject: [PATCH 138/284] CVE-2020-25717: s3:auth: remove fallbacks in
smb_getpwnam()
So far we tried getpwnam("DOMAIN\account") first and
always did a fallback to
Oh yes, I forgot to mention: NT4 Domain Member Server users and groups
are resolved vis NSS/LDAP, no winbind, as Rigo Schultz' setup. And I
confirm, downgrading Samba solves the issue, I'm actually keeping the
new version for the DC, and everything seems to be running fine.
--
You received this
Also same here. NT4 Domain Member Server, without Winbind. Users and
groups are resolved via NSS. After downgrading Samba and related
packages to 2:4.7.6+dfsg~ubuntu-0ubuntu2 everything works again.
[2021/12/10 14:36:15.923981, 0] ../source3/auth/auth_util.c:1259(check_account)
check_account:
Same here, my configuration is more or less similar to the OP's. After
the update, the domain users authenticate successfully on their Windows
client machines against the Samba DC, so both LDAP and authentication
seem to work (I also use the same LDAP records for authentication of
other software,
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: samba (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1954342
Title:
12 matches
Mail list logo
