You have been subscribed to a public bug:
Release Feature Freeze Exception justification: the Xenial samba-server
task refers to a non-existent package (smbpass-winbind) which provided
functionality that is necessary to be a functional samba server. That
package has been replaced with libpam-winbind.
[Impact]
* Installing the 'samba file server' task results in a non-function
installation due to not being able to access users/authentication
against an AD server.
* In 16.04, libpam-smbpass was removed and effectively replaced by
libpam-winbind.
* The seed still refers to the libpam-smbpass in 16.04, which is not an
installable package.
* While this bug does refer to both libpam-smbpass and libnss-winbind,
the prior samba-server task does not install libnss-winbind (which was
also available in trusty), so it's less clear that it is necessary for a
generally functioning samba server.
[Test Case]
* Install the samba-server task and attempt to access AD-based
functionality (auth). It will fail and libpam-winbind won't be
installed.
[Regression Potential]
* Changing the seed should have low regression potential. Given that
samba-server currently does not function properly (or at least as
expected), this should only result in an additional package being
installed (libpam-winbind) when choosing the samba-server task.
When installing 16.04 server, checking "samba file server" during
install the following packages are not installed by default:
libnss-winbind
libpam-winbind
The effect is that while samba can join AD domains just fine, it cannot
enumerate domain users, i.e. "sudo getent passwd" will show only local
accounts, not domain accounts; also, an attempt to access a samba share
will result in "access denied". Specifically, the applicable log in
/var/log/samba will have the lines:
Kerberos ticket principal name is [<user>@<domain>]
[2016/07/12 10:46:23.474798, 3]
../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
Username <domain>\<user> is invalid on this system
Once the missing packages are installed and services are restarted
(nmbd, smbd, winbind), the problem is resolved. Installing these
packages creates /lib/x86_64-linux-gnu/libnss_winbind.so.2, which is
needed for winbind to enumerate the domain users/groups for credentials.
In the distribution, checking "samba file server" should install the
above listed packages or at least the release notes should specify that
if this option is selected and one wishes to join an AD domain, then
installing these packages is necessary.
Thx.
-ml
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
BothFailedConnect: Yes
CurrentDesktop: LXDE
Date: Tue Jul 19 17:35:16 2016
NmbdLog:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SambaServerRegression: No
SmbConfIncluded: Yes
SmbLog:
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: ubuntu-meta (Ubuntu)
Importance: Undecided
Status: New
** Affects: ubuntu-meta (Ubuntu Xenial)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug xenial
--
[FFe] 16.04 SAMBA missing winbind packages during install
https://bugs.launchpad.net/bugs/1604630
You received this bug notification because you are a member of Ubuntu Touch
seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
