Samba 3 - interesting behaviours after badlock patch.

Andreas Schneider asn at
Tue Apr 26 07:37:10 UTC 2016

On Tuesday, 26 April 2016 00:31:55 CEST Bogdan Iamandei wrote:
> Hi guys,
> We’ve struck a bunch of problems with applying the patches for samba 3.6.25
> - released as an IDR
 by Oracle for Solaris on SPARC.
> It looks like samba can no longer authenticate against AD users which exist
> in /etc/passwd, and
 that the only work around that is to have winbind
> started (which is not something we’ve had to run for the past 15 years).
> Our "security=ads" has worked fine up until now. 
> It also looks like the primary group does not get resolved anymore so for
> example a directive like:
> valid users = @staff
> will not allow anyone because @staff is not resolved correctly (it’s used to
> differentiate staff from
 students, so there’s about 10,000 members in that
> group).
> Also, in this, multiple iterations of a group in /etc/group will no longer
> be iterated through so
 that only the first occurrence will be checked
> against and the rest will be silently discarded: 
> special_grp::800:user1,user2,user3
> special_grp::800:user4,user5,user6
> . . .
> valid users = @special_grp ->> this will only allow user1,2 and 3 - where
> user4,5,6 will be ignored.
> (we split groups like this to get around the character limitation per group
> line - don’t ask!).
> I’m happy to provide more details.
> Are these problems known? any ideas, or do we have to revert this to the
> previous unpatched version?

At least I have a bug report but haven't had the time to work on it yet.

	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list