[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue May 31 15:29:15 UTC 2016

On 05/31/16 11:09, pisymbol . wrote:
> On Fri, May 27, 2016 at 3:55 PM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com> wrote:
>> Is the netapp a member of the domain?
> Yes.
>> My assumption is that you can have domain members that are patched with domain controllers that are not.
> I don't know what you mean by that. This worked before the samba CVE
> changes took effect in the latest samba3 RPMs distributed by the
> CentOS team.
> It certainly feels like regression.
> -aps

The patched systems either default to or enforce higher security 
settings.  The patched systems and non-patched systems don't seem to be 
able to negotiate a common set of security settings.

The "http://badlock.org/" site lists of of the security issues.

I found on my machines that I had to specifically disable signing but 
that only partially fixed the issue.     I think you either need to 
downgrade your netapp or upgrade your domain controllers.     The only 
other thing that MIGHT have worked for me was to disable schannel 
support on all systems but that seemed like a bad idea.

More information about the samba mailing list