[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
** Changed in: samba (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Do you want to mark this as resolved/closed/fixed/whatever the correct status on launchpad is? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Good news! I installed the update and rebooted and it did not work, smbclient commands returned NT_STATUS_NO_LOGON_SERVERS. But after also adding "client ipc signing = auto" to smbd.conf as per Tony Haley's recommendation in comment #20, and after another reboot, it is working as expected with just the 4.1.6 DCs in service (it worked with the 4.3.8 servers even before this update). I'm relieved to know that if I have to take down my new PDC for maintenance, this old 12.04.5 server will not suddenly stop working when it has to authenticate against the other DCs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Hi all, I will try to remember to test the samba update after the users leave for the day, as I have to take the new PDC which works offline in order to test this. The "libsoup" thing referred to in the link that Marc provided does not seem relevant to us, as we did not even have that package installed to begin with. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
>I had to add client ipc signing = auto to the global section of the smb.conf file too. This fixed it for me too (not sure if this was only a configuration issue or the regression combined with config issue). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
It seems to have fixed it for me for both W7 and XP clients. I had to add client ipc signing = auto to the global section of the smb.conf file too. - Original Message - From: "Alexander Skiba" <ghostlyr...@gmail.com> To: tha...@bluechiptechnology.co.uk Sent: Wednesday, 4 May, 2016 20:15:04 Subject: [Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update For what it's worth, I saw the same symptoms as the original reporter and there has not been any change after upgrading to 2:3.6.25-0ubuntu0.12.04.3 -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update Status in samba package in Ubuntu: Confirmed Bug description: Hi, I updated Samba on my old web server which is running a fully updated 12.04.5 LTS, and now I cannot get it to act as a domain member anymore. All password validation requests fail. Only way to access this server once more is to manually add local users with usernames and passwords matching the domain users. The server is now completely incapable of checking passwords against our 14.04 LTS Samba AD DC. I have verified that upgrading our other 14.04 LTS file server from Samba 4.1.6 to 4.3.8 worked fine, but upgrading our Samba AD DC from 4.1.6 to 4.3.8 BROKE EVERYTHING, so I had to roll that back. I suspect that if I were able to update the AD DC to 4.3.8 perhaps this issue would go away, as I believe the problem is specific to the recently patched "badlock" bug. However, that is a separate issue, one that I will not file a bug for unless I am able to determine that it is not specific to our configuration. I will spin up a new AD DC using the 4.3.8 series and try to make it the new PDC, and if that also fails, I will file a bug for that other issue. I will also come back here and let you know if this issue goes away by doing that or not. I would upgrade this server to 14.04 LTS, if not for the fact that we still have some legacy PHP 5.3 code, and we were not able to compile PHP 5.3 on newer Ubuntu versions because of crazy dependency issues which I will not get into here. Relevant error messages when trying to use smbclient with a domain username: cli_negprot: SMB signing is mandatory and the server doesn't support it. failed negprot: NT_STATUS_ACCESS_DENIED Changing the server signing and client signing parameters on any of the involved servers does not seem to fix the issue unfortunately. Below is more debug info, with my true domain name changed to SAMDOM.EXAMPLE.ORG instead of what it actually is. To make it more clear, FILESERV is our 4.3.8 fileserver, FILESERV2 is actually our 4.1.6 Samba AD DC, and DB3 is our 3.6.25 file/web server. Full debug level 5 output of the smbtree command: smbtree -d 5 -U administrator INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter max log size = 1000 doing parameter syslog = 0 doing parameter panic action = /usr/share/samba/panic-action %d doing parameter netbios name = db3 handle_netbios_name: set global_myname to: DB3 doing parameter workgroup = SAMDOM doing parameter security = ADS doing parameter realm = samdom.example.org doing parameter encrypt passwords = true doing parameter load printers = no doing parameter printing = bsd doing parameter printcap name = /dev/null doing parameter disable spoolss = yes doing parameter idmap config *:backend = tdb doing parameter idmap config *:range = 2000- doing parameter idmap config SAMDOM:backend = ad doing parameter idmap config SAMDOM:schema_mode = rfc2307 doing parameter idmap config SAMDOM:range = 1-8 doing parameter winbind nss info = rfc2307 doing parameter winbind trusted domains only = no doing parameter winbind use default domain = yes doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter vfs objects = acl_xattr
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
For what it's worth, I saw the same symptoms as the original reporter and there has not been any change after upgrading to 2:3.6.25-0ubuntu0.12.04.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Today's Samba update may contain the fix for this issue: http://www.ubuntu.com/usn/usn-2950-2/ Could the original bug reporter please test the update and comment here? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
** Changed in: samba (Ubuntu) Importance: Undecided => High ** Changed in: samba (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
** Tags added: regression-update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
This should be fixed ASAP as it is causing large scale issues. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
The RPC errors make me think this may be related to the DCERPC problems that were causing problems with domain trust functions in bug #1572122 . A source code patch is available in Samba but has not been applied or tested in Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Does anyone have anything better than do a fresh install from a new version of Ubuntu? There's got to be a better option... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Since it only took me 3-5 hours to build a 16.04 LTS AD DC running 4.3.8 and the bind DNS backend, I suspect that this might just be the easiest way to go. Just to repeat as a warning, upgrading my existing DC from 4.1.6 to 4.3.8 on 14.04 LTS resulted in a broken DC for me, so rather than just upgrading, I highly recommend building a new server. And since you probably shouldn't have much else running on your DC anyway, there seems to be no good reason so far to not build it on 16.04 LTS, as minimal software means minimal chance that you will encounter any problems from any new 16.04 bugs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Hi all, I appear to have solved this issue for myself by setting up an entirely new AD DC today based on 16.04 LTS, and joining it to the existing domain. I took no action at all on the affected system, and yet today after setting that new system up, the affected system seems to be connecting properly as before, so I suspect that this might very well be the solution. As I said before, I was not able to upgrade any of my 4.1.6 DCs to 4.3.8 as something would get horribly corrupted, but setting up a new one seems to have worked with only minor complications and confusion. I more or less followed the instructions at the Samba AD Wiki for joining a new DC to an existing domain, except that they seem to specify a few strange things, such as that you MUST set up bind DLZ first before provisioning, which I actually think is impossible, and switching to bind after joining worked fine. The whole process was not too hard, though it was confusing at times, especially since it seemed to not be working until after I rebooted after the join was done. I had a few problems with it at first giving me lots of errors about NT_STATUS_INVALID_SID and such, especially with commands like "smbclient -L localhost -U%", but output of the "samba-tool drs showrepl" command and all the DNS commands looked like they were connecting to the other DC properly, so at one point I rebooted and it seemed to work after that. I suspect that leaving out "idmap_ldb:use rfc2307 = yes" out of my smb.conf might have contributed to fixing stuff, but I suspect it was mostly just the reboot that took care of things, possibly because of the network settings changes involved during the samba config process. I can't confirm for sure what it was, as I did a lot of stuff between reboots and samba restarts, all I can confirm for sure is that my previously affected server is no longer throwing a fit now that it can contact my new DC, even though it cannot contact any of the others. Also, apparently you can have winbind running on an AD DC now since 4.3.X, so I did that, and I can do id username queries from the command line of the DC and they all work. This seems to be a new feature, I think because they replaced the special winbind they were using with AD DCs before with the original winbind daemon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Here is a wireshark capture of the connection attempt. ** Attachment added: "Wireshark Capture" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+attachment/4643368/+files/SMB.pcapng.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
A portion of the log file from when a Windows Workstation tries to connect to the server. ** Attachment added: "log.smdb" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+attachment/4643353/+files/log.smdb.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Here are my package versions: libsmbclient:amd64 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 libwbclient0:amd64 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 python-samba2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 python-smbc 1.0.14.1-0ubuntu2 amd64 samba2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 samba-common2:4.3.8+dfsg-0ubuntu0.14.04.2all samba-common-bin 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 samba-dsdb-modules 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 samba-libs:amd64 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 samba-vfs-modules 2:4.3.8+dfsg-0ubuntu0.14.04.2amd64 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Adding a "Me Too".: I have the exact issue. I have tried various things to no avail. Here is my Global section of my SMB.CONF: [global] workgroup = BNB realm = BNB.LAN netbios name = DC1 server role = active directory domain controller #dns forwarder = 12.127.16.68 #dns forwarder = 12.127.17.71 dns forwarder = 8.8.8.8 idmap_ldb:use rfc2307 = yes server string = BNB Corporate Server # server signing = disabled # ntlm auth = yes -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
I also ran into a problem looking like this one. My smb.conf global section looks like this: [global] netbios name = SERVER realm = EXAMPLE.COM workgroup = EXAMPLE security = ADS kerberos method = system keytab mangled names = no log level = 2 I have a feeling Kerberos authentication worked since I could log in from Windows clients in the same domain but password auth failed using smbclient and also Windows from another network which does not have access to domain controllers. These packages were upgraded automatically a while ago: - libwbclient0 2:3.6.3-2ubuntu2.17 -> libwbclient0_2%3a3.6.25-0ubuntu0.12.04.2_amd64.deb - smbclient 2:3.6.3-2ubuntu2.17 -> smbclient_2%3a3.6.25-0ubuntu0.12.04.2_amd64.deb - samba-common 2:3.6.3-2ubuntu2.17 -> samba-common_2%3a3.6.25-0ubuntu0.12.04.2_all.deb - samba-common-bin 2:3.6.3-2ubuntu2.17 -> samba-common-bin_2%3a3.6.25-0ubuntu0.12.04.2_amd64.deb I decided to downgrade to older versions. But accidentally I restored samba instead of samba-common-bin from the backup server so my downgrade command looked like this: dpkg -i \ libwbclient0_2%3a3.6.3-2ubuntu2.17_amd64.deb \ samba_2%3a3.6.3-2ubuntu2.17_amd64.deb \ samba-common_2%3a3.6.3-2ubuntu2.17_all.deb \ smbclient_2%3a3.6.3-2ubuntu2.17_amd64.deb Anyway, after I ran that, authentication worked again. My package version are now as follows: # dpkg-query -l | egrep 'samba|libwbclient|smbclient' ii libsmbclient 2:3.6.25-0ubuntu0.12.04.2 shared library for communication with SMB/CIFS servers ii libsmbclient-dev 2:3.6.25-0ubuntu0.12.04.2 development files for libsmbclient hi libwbclient0 2:3.6.3-2ubuntu2.17 Samba winbind client library ii samba2:3.6.3-2ubuntu2.17 SMB/CIFS file, print, and login server for Unix hi samba-common 2:3.6.3-2ubuntu2.17 common files used by both the Samba server and client ii samba-common-bin 2:3.6.25-0ubuntu0.12.04.2 common files used by both the Samba server and client hi smbclient2:3.6.3-2ubuntu2.17 command-line SMB/CIFS clients for Unix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Whoops, that's supposed to be example.org, to match with the above. I was changing my organization name. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
To be clear, neither example.org or example.com are my actual samba domain. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
I am not running winbind on the DC. The options I have tried in their various combinations are server signing = off, server signing = auto, and client signing = off. I have tried them on just the 12.04 server, and also on both the 12.04 server and the AD DC. Nothing seems to resolve the problem for the 12.04 server. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Here is my current samba AD DC config, after removing the signing option: # Global parameters [global] workgroup = SAMDOM realm = samdom.example.com netbios name = FILESERV2 server role = active directory domain controller server services = -dns os level = 70 idmap_ldb:use rfc2307 = yes allow dns updates = nonsecure #dns forwarder = 192.168.6.3 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes panic action = /usr/share/samba/panic-action %d [netlogon] path = /var/lib/samba/sysvol/samdom.example.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Very simple, as you can see. I use bind9.9 and samba_dlz, and DNS resolution has worked perfectly for over a year. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
You've tried setting server signing = disabled on your 12.04 LTS server? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Are you running winbind on your AD DC? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1572824] Re: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: samba (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1572824 Title: Samba Domain Member cannot check passwords against Samba AD DC after "Badlock" update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs