[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
I would be happy for some steps, to reproduce, to downgrade samba 4.21 to 4.19 in order to test the rest of 25.04... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
here is the output of #samba-gpupdate -d 3 ** Attachment added: "samba-error" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+attachment/5874004/+files/samba-error -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
here is the output of a working machine running 24.04.02 ** Attachment added: "samba-output240402" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+attachment/5874005/+files/samba-output240402 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
hi, here is my smb.conf: $ cat /etc/samba/smb.conf [global] idmap config * : backend = tdb idmap config * : range = 1-2 idmap config SINC : backend = rid idmap config SINC : range = 20001-9 kerberos method = secrets and keytab security = ADS usershare allow guests = No workgroup = MYWG -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
Checking the manual page for samba-gpupdate, there are some debugging options you could try: -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL debug level Can you try some different values for -d? Perhaps start with 3. Max is 10 I think, which is a LOT. If nothing is printed out to your terminal, then these logs will be somewhere in /var/log/samba/. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
Can you share your /etc/samba/smb.conf please? And logs from /var/log/samba/log.* -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
I wonder if there might be a setting I can use in sssd.conf or smb.conf to force my local samba instance to use a stronger auth mechanism ? As I understand it is a client side issue. The microsoft servers will use the stronger auth as a default behaviour ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
> when supporting the bug I could not select python3-samba as culprit. but > python3-samba provides samba- > gpupdate. Thanks, that's fine, bugs can only be filed against a source package in Ubuntu (samba, in this case). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
Thanks. Pasting the crash here for information:
Traceback:
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 135, in
apply_gp(lp, creds, store, gp_extensions, username,
^^^
opts.target, opts.force)
File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 1009, in
apply_gp
gpos = get_gpo_list(dc_hostname, creds, lp, username)
File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 848, in
get_gpo_list
uac, dn = find_samaccount(samdb, username.split('\\')[-1])
~~~^
File "/usr/lib/python3/dist-packages/samba/gp/gpclass.py", line 694, in
find_samaccount
res = samdb.search(samdb.get_default_basedn(), ldb.SCOPE_SUBTREE,
'(sAMAccountName={})'.format(samaccountname), attrs)
_ldb.LdbError: (1, '04DC: LdapErr: DSID-0C090C92, comment: In order to
perform this operation a successful bind must be completed on the connection.,
data 0, v4f7c')
** Changed in: samba (Ubuntu)
Status: Incomplete => Triaged
** Changed in: samba (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107324
Title:
samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation
a successful bind must be completed on the connection)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
Thats the kernel output when running "samba-gpupdate" ** Attachment added: "crash.log" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+attachment/5871685/+files/crash.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
Thats the samba-crash-log ** Attachment added: "_usr_sbin_samba-gpupdate.0.crash" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+attachment/5871686/+files/_usr_sbin_samba-gpupdate.0.crash -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
if you need more or something specific just tell me... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
The only thing that comes to mind that could affect this, in samba 4.21.x, from the release notes[1], is the ldap channel binding support: """ LDAP TLS/SASL channel binding support = The ldap server supports SASL binds with kerberos or NTLMSSP over TLS connections now (either ldaps or starttls). Setups where 'ldap server require strong auth = allow_sasl_over_tls' was required before, can now most likely move to the default of 'ldap server require strong auth = yes'. If SASL binds without correct tls channel bindings are required 'ldap server require strong auth = allow_sasl_without_tls_channel_bindings' should be used now, as 'allow_sasl_over_tls' will generate a warning in every start of 'samba', as well as '[samba-tool ]testparm'. This is similar to LdapEnforceChannelBinding under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on Windows. All client tools using ldaps also include the correct channel bindings now. """ Can you perhaps bump the logging and see if something useful shows up in the samba logs? 1. https://www.samba.org/samba/history/samba-4.21.0.html ** Changed in: samba (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107324] Re: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection)
when supporting the bug I could not select python3-samba as culprit. but python3-samba provides samba-gpupdate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107324 Title: samba-gpupdate fails(LdapErr: DSID-0C090C90 to perform this operation a successful bind must be completed on the connection) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2107324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
