** Description changed: Binary package hint: samba One of our users upgraded their Ubuntu workstation to 9.10 and they can no longer authenticate via pam_winbind with the domain controller (Samba 3.3.7). # apt-cache policy winbind winbind: - Installed: 2:3.4.0-3ubuntu5 - Candidate: 2:3.4.0-3ubuntu5 - Version table: - *** 2:3.4.0-3ubuntu5 0 - 500 http://gb.archive.ubuntu.com karmic/main Packages - 100 /var/lib/dpkg/status + Installed: 2:3.4.0-3ubuntu5 + Candidate: 2:3.4.0-3ubuntu5 + Version table: + *** 2:3.4.0-3ubuntu5 0 + 500 http://gb.archive.ubuntu.com karmic/main Packages + 100 /var/lib/dpkg/status After the upgrade, the following messages appear in the winbind log every five minutes: [2009/11/10 11:45:01, 0] libsmb/ntlmssp_sign.c:208(ntlmssp_check_packet) - NTLMSSP NTLM2 packet check failed due to invalid signature! + NTLMSSP NTLM2 packet check failed due to invalid signature! [2009/11/10 11:45:01, 0] rpc_client/cli_pipe.c:620(cli_pipe_verify_ntlmssp) - cli_pipe_verify_ntlmssp: failed to unseal packet from host SKIPPY. Error was NT_STATUS_ACCESS_DENIED. + cli_pipe_verify_ntlmssp: failed to unseal packet from host SKIPPY. Error was NT_STATUS_ACCESS_DENIED. Attempting to authenticate results in the following: # wbinfo -a chrisa Enter chrisa's password: plaintext password authentication failed Could not authenticate user chrisa with plaintext password Enter chrisa's password: challenge/response password authentication failed error code was NT code 0x1c010002 (0x1c010002) error messsage was: NT code 0x1c010002 Could not authenticate user chrisa with challenge/response And this message appears in the winbind log: [2009/11/10 11:44:58, 1] rpc_client/cli_pipe.c:948(cli_pipe_validate_current_pdu) - cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SKIPPY! + cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SKIPPY! This appears to match the behaviour mentioned in the upstream bug #6646 which was fixed in Samba 3.4.1: - https://bugzilla.samba.org/show_bug.cgi?id=6646 + https://bugzilla.samba.org/show_bug.cgi?id=6646 Patch looks quite trivial. Would it be possible to backport it? Thanks, Chris
-- [SRU] winbind authentication fails after karmic upgrade https://bugs.launchpad.net/bugs/479955 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
