[Bug 1388091] Re: winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default)
in samba 4.3.3 in ubuntu xenial the problem is resolved. The upstream bug is/was https://bugzilla.samba.org/show_bug.cgi?id=10440 As you can see there the proper fix is quite big, maybe not the best idea to backport to 4.1, but at least in the next lts version of ubuntu it should be fixed ** Bug watch added: Samba Bugzilla #10440 https://bugzilla.samba.org/show_bug.cgi?id=10440 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1388091 Title: winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1388091/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1530929] [NEW] /usr/share/pam-configs/winbind should not include krb5_ccache_type or other options
Public bug reported: the template file winbind includes a lot of options that should be in /etc/security/pam_winbind.conf. Putting options in the template overwrites the option in /etc/security/pam_winbind.conf, So, if you want for example to put the krb5cc outside of tmp, you have to modify the file in /usr/share/pam-configs/, than call pam-auth-update. Files in /usr should not be touched by users, so this is not a real solution. The correct place is /etc, in this case the configuration file /etc/security/pam_winbind.conf The file in usr should be like: Name: Winbind NT/Active Directory authentication Default: yes Priority: 192 Auth-Type: Primary Auth: [success=end default=ignore]pam_winbind.so try_first_pass Auth-Initial: [success=end default=ignore]pam_winbind.so Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Password-Type: Primary Password: [success=end default=ignore]pam_winbind.so use_authtok try_first_pass Password-Initial: [success=end default=ignore]pam_winbind.so Session-Type: Additional Session: optionalpam_winbind.so whereas the file in /etc/security/pam_winbind.conf should be like this to not change the effective configuration [global] krb5_auth=yes krb5_ccache_type=FILE cached_login=yes ** Affects: samba (Ubuntu) Importance: Undecided Status: New ** Tags: libpam-winbind -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1530929 Title: /usr/share/pam-configs/winbind should not include krb5_ccache_type or other options To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1530929/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1475118] Re: It would be nice to get Samba 4.2 in Wily (4.1 in Maintenance mode for 6 more months. EOL by 10/2016)
debian now has samba 4.2.1 in experimental. This should be a good starting point I've used samba 4.1 and now I am on 4.2 on arch (used as ad-server). 4.2 to me seems to be more stable (winbindd simply works better than the now obsolete "source4" winbind; even on winbindd they made some improvements), so I would be happy to see 4.2 in 5.10 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1475118 Title: It would be nice to get Samba 4.2 in Wily (4.1 in Maintenance mode for 6 more months. EOL by 10/2016) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1475118/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1355992] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade
patch applied in ubuntu package ** Changed in: samba (Ubuntu) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1355992 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1355992/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1388091] [NEW] winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default)
Public bug reported: affected with Ubuntu version 14.04.1 and 14.10. If the user loggs in, he does not see his own full name (geocs). it is also reporduceable by getent passwd $USER. usually there should be a field containing the users full name. if winbindd enumerates all users or winbind rpc only = yes is set, the full name is displayed. In the first case only until the internal cache expires. The reason is that nss info template simply does not provide this information and resets this field, even if the values is known somewhere else in the code path. ** Affects: samba (Ubuntu) Importance: Undecided Status: New ** Patch added: Give a hint to the nss info backend if we know the full name. not every backend implements fetching its value (ex. template) https://bugs.launchpad.net/bugs/1388091/+attachment/4250029/+files/ads_full_name_hint_nss_template.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1388091 Title: winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1388091/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1388091] Re: winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default)
A samba version containing this patch is built in my ppa ppa:saxl/ppa (for utopic) There is also a version for trusty, but its also samba 4.1.11 backported from utopic -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1388091 Title: winbindd does not provide geocs to libnss_winbind in ad configuration with winbind nss info = template (default) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1388091/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1355992] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade
in 4.1.11+dfsg-1ubuntu2 the last patch on https://bugzilla.samba.org/show_bug.cgi?id=10490 is applied. ** Bug watch added: Samba Bugzilla #10490 https://bugzilla.samba.org/show_bug.cgi?id=10490 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1355992 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1355992/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310919] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade
I have built a package some time ago with the new patch posted on bugs.samba.org for utopic (https://launchpad.net/~saxl/+archive/ubuntu/ppa/+build/6263614), The 4.1.11+dfsg-1ubuntu1saxl1 build works well on my site. The problem is that I am also the bug reporter on bugs.samba.org, so maybe someone else should try to test and maybe post a comment on bugs.samba.org. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1310919 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1310919/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310919] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade
well, I have the same problem with 14.10, to get a working samba 4.1.11 all you need to do is apply the patch in this bugreport. It has been dropped when syncing with debian. In my private ppa there is a working samba version for utopic. As a longterm workaround I have changed from pam_winbind to pam_sss. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1310919 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1310919/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1355992] [NEW] pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade
Public bug reported: essentially the same as lp #1310919, since 4.1.11+dfsg-1ubuntu1 dropped the patch krb5_kt_start_seq.diff that is not applied upstream yet ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1355992 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.10 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1355992/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307778] Re: getent group on trusty returns only local groups
The behavior of BUILTIN\ is not a bug but is intended like this. The idmap_ad plugin is only used for the WORKGROUP domain. everything else is up to idmap config * : range = 10-30. See man idmap_ad If you try setting a gid to the groups in the AD, does this workaround the problem? (to be sure the -1 are comming from the idmap_ad backend) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1307778 Title: getent group on trusty returns only local groups To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1307778/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310919] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade
I can confirm that this fixes the bug for my installations (two different domains on multiple 14.04 clients), everywhere using kerberos method = secrets and keytab and the keytab access set to root:root 600 just a side note: the bug is not in pam_winbind but in winbindd itself (as you can read here: Apr 22 16:21:23 ben sshd[10932]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_CONNECTION_DISCONNECTED, Error message was: -- NT_STATUS_CONNECTION_DISCONNECTED --). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1310919 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1310919/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310919] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade
I have looked at the source and found a potential problem. This patch should fix it, but of corse needs some testing. ** Patch added: krb5_kt_start_seq.diff https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1310919/+attachment/4094414/+files/krb5_kt_start_seq.diff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1310919 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1310919/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1310919] Re: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade
for those who are also affected by this bug: i've uploaded the a samba package with this patch on my ppa (ppa:saxl/ppa). Building should start shortly. p.s.: I have opened a bugreport upstream (https://bugzilla.samba.org/show_bug.cgi?id=10490), but since older versions of samba did not have this problem, the root cause could also be in the system kerberos implementation. ** Bug watch added: Samba Bugzilla #10490 https://bugzilla.samba.org/show_bug.cgi?id=10490 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1310919 Title: pam_winbind krb5_ccache_type=FILE stopped working after 14.04 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1310919/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
