FW: Questions about Samba 4

Stefan Metzmacher metze at samba.org
Fri Aug 28 14:38:15 UTC 2015


Hi Rowland,

> Hi Volker, it seems pretty easy to reproduce, just throw up a test DC in
> a VM, create a user and set the password to need to be changed at next
> login. Now create a member server in another VM and join this to the DC.
> Now open three terminals, ssh into the member server as root from one
> and start 'top', ssh into the member server as root from another and
> finally attempt to ssh into the member server as the user you created
> from the last one.
> Now watch the 'top' running in the other terminal, it should show
> winbind using 100% CPU (or very close to it). At this point go to the
> open root terminal and run gdb.
> 
> I can easily reproduce it on an X86_64 machine running Samba Version
> 4.2.3-SerNet-Debian-7.wheezy

As you can easily reproduce this, can you please file a bug report
and upload network captures for the following cases:

1. the original problem
2. with Volker's patch
3. with your changed sshd config

It would be perfect if you could also provide a keytab in order to
decrypt the krb5 traffic.

Looking at captures will likely help in order to judge if Volker's fix
is correct/complete related to security.

Thanks!
metze
