[Bug 1574228] Re: Changes to Samba packages for April 12 prevent legacy Windows clients from logging in to NT4 style domain

Michael Lueck 1574228 at bugs.launchpad.net
Mon Apr 25 17:37:38 UTC 2016 

*** This bug is a duplicate of bug 1572122 ***
    https://bugs.launchpad.net/bugs/1572122

@John #9, I had brought to my attention this:

https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed
New smb.conf options

I make use of both OS/2 which has a LANServer client integrated, and the
DOS LANManager client in order to connect to our Samba server for drive
imaging. I was suspecting I need to investigate adding:

client ipc min protocol
allow dcerpc auth level connect

options. If it really seems no smb.conf adjustments were required as
part of applying this proposed update to the Samba packages I will hold
off testing adjusting the smb.conf files for now.

Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1574228

Title:
  Changes to Samba packages for April 12 prevent legacy Windows clients
  from logging in to NT4 style domain

Status in samba package in Ubuntu:
  Confirmed

Bug description:
  On Ubuntu 12.04 fully patched, this weekend I attempted to apply the
  samba 2:3.6.25-0ubuntu0.12.04.2 updates. That resulted in a Samba NT4
  PDC that downlevel Windows clients could no longer log in to. Logging
  into said Windows machines with a local account and manually issuing
  the NET USE command to bring up drive mounts to the Samba server were
  successful.

  I have taken log snapshots with Samba logging set to level 3 of a
  Windows XP virtual machine attempting to connect to the Samba PDC
  server.

  From the working log I see:

    switch message SMBwriteX (pid 4906) conn 0xb82f9978
    api_rpcTNP: rpc command: NETR_LOGONSAMLOGON
    schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/MDLXP
    schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/MDLXP
    Forcing Primary Group to 'Domain Users' for mdlueck

  Whereas in the not working log I see at the same spot:

    switch message SMBwriteX (pid 21144) conn 0xb96f7200
    srv_pipe_check_verification_trailer: failed

  Perhaps did Samba make a change that requires something to be
  specified in the smb.conf to accept connections from legacy clients?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1574228/+subscriptions

More information about the foundations-bugs mailing list