BUG 12127: winbindd issues on 4.3.11 stack.
uri at samba.org
Tue Aug 9 06:41:48 UTC 2016
On 08/08/2016 09:46 AM, Hemanth Thummala wrote:
> Hello All,
> We currently have 4.3.5 stack. Recently we have consumed all 4.3.11 changes(BAD LOCK and other security fixes) and started unit testing them. We have found that all authentication requests failing after long timeout(more than a minute). Also any command(like sudo, ls <share path>) that requires a UID lookup(by winbindd) also failing after waiting for few seconds.
> I have created a bug(https://bugzilla.samba.org/show_bug.cgi?id=12127) for this issue and provided detailed logs and process stack. Since there have been quite a few security changes from 4.3.5, its becoming difficult to root cause the issue. At this point, I could see some relevance with the changes made to CVE-2016-2112 which has changes for strong security enforcements for LDAP connections.
> I see that some one else also posted a similar issue in redhat forums without a solution: https://access.redhat.com/solutions/2290811
> Any help in root causing this issue is much appreciated.
For the list - the issue got resolved by resetting "client ldap sasl
wrapping" from "plain" to its default of "sign". Still not clear what
caused just the post-security-release code to fail, since the security
release only changed the Samba LDAP server to require signing.
More information about the samba-technical