Samba 3 - interesting behaviours after badlock patch.
asn at samba.org
Tue Apr 26 07:37:10 UTC 2016
On Tuesday, 26 April 2016 00:31:55 CEST Bogdan Iamandei wrote:
> Hi guys,
> We’ve struck a bunch of problems with applying the patches for samba 3.6.25
> - released as an IDR
by Oracle for Solaris on SPARC.
> It looks like samba can no longer authenticate against AD users which exist
> in /etc/passwd, and
that the only work around that is to have winbind
> started (which is not something we’ve had to run for the past 15 years).
> Our "security=ads" has worked fine up until now.
> It also looks like the primary group does not get resolved anymore so for
> example a directive like:
> valid users = @staff
> will not allow anyone because @staff is not resolved correctly (it’s used to
> differentiate staff from
students, so there’s about 10,000 members in that
> Also, in this, multiple iterations of a group in /etc/group will no longer
> be iterated through so
that only the first occurrence will be checked
> against and the rest will be silently discarded:
> . . .
> valid users = @special_grp ->> this will only allow user1,2 and 3 - where
> user4,5,6 will be ignored.
> (we split groups like this to get around the character limitation per group
> line - don’t ask!).
> I’m happy to provide more details.
> Are these problems known? any ideas, or do we have to revert this to the
> previous unpatched version?
At least I have a bug report but haven't had the time to work on it yet.
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
More information about the samba-technical