** Branch linked: lp:~nacc/ubuntu-seeds/ubuntu.yakkety-samba -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1604630
Title: [FFe] 16.04 SAMBA missing winbind packages during install Status in ubuntu-meta package in Ubuntu: Fix Released Status in ubuntu-meta source package in Xenial: New Bug description: Release Feature Freeze Exception justification: the Xenial samba- server task refers to a non-existent package (smbpass-winbind) which provided functionality that is necessary to be a functional samba server. That package has been replaced with libpam-winbind. [Impact] * Installing the 'samba file server' task results in a non-function installation due to not being able to access users/authentication against an AD server. * In 16.04, libpam-smbpass was removed and effectively replaced by libpam-winbind. * The seed still refers to the libpam-smbpass in 16.04, which is not an installable package. * While this bug does refer to both libpam-smbpass and libnss- winbind, the prior samba-server task does not install libnss-winbind (which was also available in trusty), so it's less clear that it is necessary for a generally functioning samba server. [Test Case] * Install the samba-server task and attempt to access AD-based functionality (auth). It will fail and libpam-winbind won't be installed. [Regression Potential] * Changing the seed should have low regression potential. Given that samba-server currently does not function properly (or at least as expected), this should only result in an additional package being installed (libpam-winbind) when choosing the samba-server task. When installing 16.04 server, checking "samba file server" during install the following packages are not installed by default: libnss-winbind libpam-winbind The effect is that while samba can join AD domains just fine, it cannot enumerate domain users, i.e. "sudo getent passwd" will show only local accounts, not domain accounts; also, an attempt to access a samba share will result in "access denied". Specifically, the applicable log in /var/log/samba will have the lines: Kerberos ticket principal name is [<user>@<domain>] [2016/07/12 10:46:23.474798, 3] ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info) Username <domain>\<user> is invalid on this system Once the missing packages are installed and services are restarted (nmbd, smbd, winbind), the problem is resolved. Installing these packages creates /lib/x86_64-linux-gnu/libnss_winbind.so.2, which is needed for winbind to enumerate the domain users/groups for credentials. In the distribution, checking "samba file server" should install the above listed packages or at least the release notes should specify that if this option is selected and one wishes to join an AD domain, then installing these packages is necessary. Thx. -ml ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: samba 2:4.3.9+dfsg-0ubuntu0.16.04.2 ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13 Uname: Linux 4.4.0-28-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 BothFailedConnect: Yes CurrentDesktop: LXDE Date: Tue Jul 19 17:35:16 2016 NmbdLog: ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SambaServerRegression: No SmbConfIncluded: Yes SmbLog: SourcePackage: samba UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1604630/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
