source4 Winbind credential chaining issue
Garming Sam
garming at catalyst.net.nz
Sun Dec 22 21:26:01 MST 2013
So, I've spent the last couple of days testing using Wintest.
I recently noticed that with an RODC (connected to a Win2008R2 domain),
samba_dnsupdate would fail. But not consistently and it would switch
between passing or failing, sometimes having strings of successes or
failures, or simply alternating.
The source of the issue isn't yet entirely clear, but it appears to be
an issue with Winbind and potentially involves the netlogon credentials
chain. If this does indeed turn out to be the case, do we cater for
source4 Winbind and fix it there, or do we simply ditch it in favour of
source3 and work out how to integrate it?
I ended up testing against 4.1, master and metze's master4-schannel-ok
branch. The behaviour was persistent on each.
The following three commands, will either all fail consecutively or all
succeed:
bin/wbinfo -a Administrator%password12#
sbin/samba_dnsupdate --fail-immediately
bin/wbinfo -a Administrator%password12#
I've attached a patch for selftest just to attempt to show that samba
doesn't behave in this manner.
Cheers,
Garming Sam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-selftest-add-rodc-and-other-env-tests-for-wbinfo.patch
Type: text/x-patch
Size: 2521 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131223/c221957d/attachment.bin>
More information about the samba-technical
mailing list