pisymbol .
2016-May-31 15:09 UTC
[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
On Fri, May 27, 2016 at 3:55 PM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:> Is the netapp a member of the domain?Yes.> My assumption is that you can have domain members that are patched with domain controllers that are not.I don't know what you mean by that. This worked before the samba CVE changes took effect in the latest samba3 RPMs distributed by the CentOS team. It certainly feels like regression. -aps
Gaiseric Vandal
2016-May-31 15:29 UTC
[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
On 05/31/16 11:09, pisymbol . wrote:> On Fri, May 27, 2016 at 3:55 PM, Gaiseric Vandal > <gaiseric.vandal at gmail.com> wrote: >> Is the netapp a member of the domain? > Yes. > >> My assumption is that you can have domain members that are patched with domain controllers that are not. > I don't know what you mean by that. This worked before the samba CVE > changes took effect in the latest samba3 RPMs distributed by the > CentOS team. > > It certainly feels like regression. > > -apsThe patched systems either default to or enforce higher security settings. The patched systems and non-patched systems don't seem to be able to negotiate a common set of security settings. The "http://badlock.org/" site lists of of the security issues. I found on my machines that I had to specifically disable signing but that only partially fixed the issue. I think you either need to downgrade your netapp or upgrade your domain controllers. The only other thing that MIGHT have worked for me was to disable schannel support on all systems but that seemed like a bad idea.
pisymbol .
2016-Jun-02 12:36 UTC
[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
On Tue, May 31, 2016 at 11:29 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:> > > The patched systems either default to or enforce higher security settings. > The patched systems and non-patched systems don't seem to be able to > negotiate a common set of security settings. > > > The "http://badlock.org/" site lists of of the security issues. > > > I found on my machines that I had to specifically disable signing but that > only partially fixed the issue. I think you either need to downgrade > your netapp or upgrade your domain controllers. The only other thing > that MIGHT have worked for me was to disable schannel support on all systems > but that seemed like a bad idea.There are some patches floating around for samba4 that should fix it I believe (mucking with a few flags during spnego that should fix this). Note: Our NetApps have signing turned off and the smbclient/net commands still fail. -aps
Apparently Analagous Threads
- Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
- Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
- Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
- Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
- Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)