source4 Winbind credential chaining issue

Garming Sam garming at
Sun Dec 22 21:26:01 MST 2013

So, I've spent the last couple of days testing using Wintest.

I recently noticed that with an RODC (connected to a Win2008R2 domain), 
samba_dnsupdate would fail. But not consistently and it would switch 
between passing or failing, sometimes having strings of successes or 
failures, or simply alternating.

The source of the issue isn't yet entirely clear, but it appears to be 
an issue with Winbind and potentially involves the netlogon credentials 
chain. If this does indeed turn out to be the case, do we cater for 
source4 Winbind and fix it there, or do we simply ditch it in favour of 
source3 and work out how to integrate it?

I ended up testing against 4.1, master and metze's master4-schannel-ok 
branch. The behaviour was persistent on each.

The following three commands, will either all fail consecutively or all 

bin/wbinfo -a Administrator%password12#
sbin/samba_dnsupdate --fail-immediately
bin/wbinfo -a Administrator%password12#

I've attached a patch for selftest just to attempt to show that samba 
doesn't behave in this manner.


Garming Sam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-selftest-add-rodc-and-other-env-tests-for-wbinfo.patch
Type: text/x-patch
Size: 2521 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list