bug in cm_prepare_connection

Herb Lewis hlewis at panasas.com
Wed Aug 8 23:28:52 GMT 2007


I am seeing the following error in the function cm_prepare_connection.
This is samba-3.0.25b running in security=domain mode.

In the case where the code states

/* Fall back to non-kerberos session setup using NTLMSSP SPNEGO with the 
machine account. */

I am getting an error (depending on which DC winbindd tries to contact)
"authenticated session setup failed with Must change password"

This leaves the vuid entry in the cli_state structure nonzero as
returned by the failed cli_session_setup_spnego. When we then try
to authenticate as the user in cli_session_setup this returns an
error "Bad userid" (as seen in wireshark). If I zero the vuid before
calling cli_session_setup then it works.

I'm not sure that is the correct place to put the fix though. Could
someone take a look at this patch and see if this looks OK or do
we need to fix the function cli_session_setup?

Index: branches/SAMBA_3_0_25/source/nsswitch/winbindd_cm.c
===================================================================
--- branches/SAMBA_3_0_25/source/nsswitch/winbindd_cm.c (revision 24277)
+++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_cm.c (working copy)
@@ -752,6 +752,7 @@
                           "[%s]\\[%s]\n",  controller, global_myname(),
                           ipc_domain, ipc_username));

+               (*cli)->vuid = 0;
                 if (NT_STATUS_IS_OK(cli_session_setup(
                                             *cli, ipc_username,
                                             ipc_password, 
strlen(ipc_password)+1,
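
Review bot: The added (*cli)->vuid = 0; line ahead of the cli_session_setup( call has no comment saying why the field is reset, and it fixes only this one call site. Add a short comment noting that a failed cli_session_setup_spnego can leave a nonzero vuid in the cli_state, as the message describes. Also consider clearing the vuid on the failure path of the session setup code itself, so that any later session setup on the same cli_state starts from a clean value instead of depending on each caller to reset it.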


