similar to: Moving from samba-3.6.23-25.el6_7.x86_64 to samba-3.6.23-30.el6_7 has broken access to our MAC OS X clients

On 21/04/16 12:46, Ian Collier wrote: > I hear your frustration - we've had the same troubles. My understanding > of this (which may be wrong) is: > > - The Badlock patches broke something in the Samba server which > means it's no longer able to contact the Windows AD in order to > authenticate users. My understanding is that the Badlock patches fixed a

On Wed, Apr 20, 2016 at 03:42:47PM -0500, Karen Magee wrote: > Also tied winbindd and that was a disaster of a > different sort. > > It wouldn't use the local unix groups first, which will cause way too > many issues. > > All along, however, the PCs that connect (when not trying to use > winbindd) have consistently > been able to connect and use

On Thu, Apr 21, 2016 at 01:25:14PM +0100, Rowland penny wrote: > My understanding is that the Badlock patches fixed a multitude of security > problems, That's not disputed, and is why we have persevered in trying to make the patched version work instead of just reverting back to the previous version (you'll note that one response on this thread advocated doing that). >

Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x imply an upgrade to a non-vulnerable version of the tdb library? If so, can someone point me to any documentation on the tdb vulnerability? Thanks, Sam

Rowland Penny via samba wrote: > On Thu, 7 Jun 2018 14:57:34 +0100 > Rowland Penny via samba <samba at lists.samba.org> wrote: > >> On Thu, 7 Jun 2018 14:51:11 +0100 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >>> On Thu, 7 Jun 2018 15:43:07 +0200 >>> "L.P.H. van Belle via samba" <samba at lists.samba.org>

On 13/04/16 17:55, Bill Baird wrote: > Hi All, > > I am running Samba 3.6 in PDC mode (i know, i know...AD upgrade is in the > works). > > The most recent update for CentOS 6 (samba-3.6.23-30.el6_7.x86_64) appears > to have caused issues and I was forced to downgrade back > to samba-3.6.23-25.el6_7.x86_64. > > When 3.6.23-30 is installed, users running Windows 7 x64

Hi All, I am running Samba 3.6 in PDC mode (i know, i know...AD upgrade is in the works). The most recent update for CentOS 6 (samba-3.6.23-30.el6_7.x86_64) appears to have caused issues and I was forced to downgrade back to samba-3.6.23-25.el6_7.x86_64. When 3.6.23-30 is installed, users running Windows 7 x64 receive the following error when trying access shares: "The trust relationship

I am the IT administrator for a group of researchers at a university. I have a non-production SAMBA server that I am suddenly needing to press into production temporarily I have a CentOS6 machine running winbindd and samba 3.6.23-30.el6_7. User Account Configuration is NIS and Authentication is Kerberos password. I manage my NIS servers but the Kerberos and Active Directory Domain controllers

hi It can be so help [global] >---admin users = @nt_admins if not then I need 1. root at pdc:~# testparm 2. root at pdc:~# ldapsearch -xLLL -H ldapi:/// -b ou=groups,ou=arkhangelsk,dc=rugion,dc=ru ldap suffix = ou=arkhangelsk,dc=rugion,dc=ru ldap group suffix = ou=groups 3. try log level = 10 max log size = 1000 and go through the authorization in windows pc

hi all I have two different Samba versions as PDC and BDC and depending on which one is "domain master" users which are domain admins are not recognized as such. Everything seems normal with 3.6.23-25.el6_7 as "domain master" but when I configure them so 4.2.10 is the master then I login to Win7 fine but Windows tells me that the user is not an Admin and I need to supply

Hi, Samba has released patch for CVE-2016-2118 from 3.6.x release onwards. We use samba 3.0.35 in our product. Is there any patch available for 3.0.35? -- Regards Madhu

Hi all, A - I thought badlock mitigation was about encrypting SMB traffic, at least most part of it. And this encryption of most part of data transfer could (or should) lower performances. It seems I was wrong: smallest part (something like commands) are encrypted but not SMB traffic (ie file transfer). This for SMB protocol prior to SMB3 (which comes with windows 8). B - According to what I

I have several XP VM's and its also physically one on a on a multiboot laptop. Just today, they all gave "unknown username or bad password" to the main samba server which has been working fine for years. There is nothing wrong with the accounts because Win 7 clients using the same credentials are fine. On the LAN I also have Ubuntu servers and their samba shares are OK from XP.

On Fri, 21 Apr 2017 12:00:59 -0400 Eleuterio Contracampo via samba <samba at lists.samba.org> wrote: > [2017/04/21 12:47:55.219297, 0] > ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level) > > Did not manage to negotiate mandetory feature SIGN for dcerpc > auth_level 6 > I think you may be running into an artefact of the badlock patches, for which Win7 will

On Tue, 12 Sep 2017 19:30:42 +0100 Miguel Medalha via samba <samba at lists.samba.org> wrote: > Your problem probably comes from using the AD DC as a file server. > The file server should be separated, as recommended by the Samba > team. I get close to wire speed on dedicated member servers. > > With version 4.4.2, changes in behaviour for the "server signing" and

Just a follow-up. Still, no resolution. I've tried different combinations with "client ipc signing" without luck. A traffic dump shows the problem as: i) windows XP client sends a DCE/RPC SAMR command GetDomPwInfo ii) samba DC responds with DCE/RPC Fault nca_proto_error I've also tried fiddling with Local Security Policy registry values at the Win XP machine, but got nothing

ORACLE have released this patch for Solaris 10 - Samba v3.6.25: IDR152387-03 addressing CVE-2016-2118 (BADLOCK) and other CVEs for S10 SPARC Which has addressed our issue. Thanks -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Gaiseric Vandal Sent: 07 June 2016 14:51 To: samba at lists.samba.org Subject: Re: [Samba] Solaris 10 Configure failure

Thanks for your reply, Louis However, I am still blocked by this problem now. !-_- I tried to set the samba server as the DNS server and visit the shared folder by input "\\aaa.bb.com" at windows 7 client. In some cases it works and will not fail. However the similar abnormal phenomenon also occasionally happens (especially at changing the authentication, such as local to ldap): 1) I can

Currently running version 3.6.25 on a SPARC Solaris 10 64 bit server. Due to CVE-2016-2118 need to upgrade to version 4.2.11 / 4.3.8 / 4.4.2 No Solaris package available. Configure script fails with “Couldn't determine size of 'bool'” Is it possible to install these versions on Solaris 10 and if so how? Many Thanks Steve. This Email and any attachments contains confidential

Hi, Due to "Red Hat Vulnerability Response: BADLOCK", an automatic samba package RHEL5 update was apply on our system. This broke "The trust relationship between this workstation and the primary domain failed" (error message logon client) in my environnement production. So, I use now 3.6.23-12.el5_11, I see they are new directive for smb.conf and some others more restrict