Samba 3 - interesting behaviours after badlock patch.

Bogdan Iamandei b.iamandei at
Tue Apr 26 00:31:55 UTC 2016

Hi guys,

We’ve struck a bunch of problems with applying the patches for samba 3.6.25 - released as an IDR
by Oracle for Solaris on SPARC.

It looks like samba can no longer authenticate against AD users which exist in /etc/passwd, and
that the only work around that is to have winbind started (which is not something we’ve had to
run for the past 15 years). Our "security=ads" has worked fine up until now.

It also looks like the primary group does not get resolved anymore so for example a directive like:

valid users = @staff

will not allow anyone because @staff is not resolved correctly (it’s used to differentiate staff from
students, so there’s about 10,000 members in that group).

Also, in this, multiple iterations of a group in /etc/group will no longer be iterated through so
that only the first occurrence will be checked against and the rest will be silently discarded:


. . .

valid users = @special_grp ->> this will only allow user1,2 and 3 - where user4,5,6 will be ignored.

(we split groups like this to get around the character limitation per group line - don’t ask!).

I’m happy to provide more details.

Are these problems known? any ideas, or do we have to revert this to the previous unpatched version?


More information about the samba-technical mailing list