FW: Questions about Samba 4
rowlandpenny241155 at gmail.com
Fri Aug 28 15:00:46 UTC 2015
On 28/08/15 15:38, Stefan Metzmacher wrote:
> Hi Rowland,
>> Hi Volker, it seems pretty easy to reproduce, just throw up a test DC in
>> a VM, create a user and set the password to need to be changed at next
>> login. Now create a member server in another VM and join this to the DC.
>> now open three terminals, ssh into the member server as root from one
>> and start 'top' , ssh into the member server as root from another and
>> finally attempt to ssh into the member server as the user you created
>> from the last one.
>> Now watch the 'top' running in the other terminal, it should show
>> winbind using 100% CPU (or very close to it) at this point go to the
>> open root terminal and run gdb.
>> I can easily reproduce it on an X86_64 machine running Samba Version
> As you can easily reproduce this, can you please file a bug report
> and upload network captures. For the following cases:
> 1. the original problem
> 2. with Volkers patch
> 3. with your changed sshd config
> It would be perfect if you could also provide a keytab in order to
> decrypt the krb5 traffic.
> Looking at captures will likely help in order to judge if Volker's fix
> is correct/complete related to security.
OK, I will go back to what I was doing before Volker's fix popped up
and sent me off on a tangent, I was creating a new DC and a client in VM's
What I will say is that I didn't use Volkers fix, my reasoning was that
'what if winbind is spinning because it is waiting for the password to
be changed and could it actually be a ssh problem'.
I found a google result:
This led to getting prompted for a new password (twice) but still didn't
log me in, I examined sshd_config again and found this:
I uncommented it, restarted ssh and I could then login
I may be some time :-)
More information about the samba-technical