[Samba] RODC and LDAP via Simple Authentication fails
Andrew Bartlett
abartlet at samba.org
Tue Jan 23 20:54:04 UTC 2018
On Mon, 2018-01-22 at 22:07 +0100, Johannes Engel via samba wrote:
> Am 22.01.2018 um 21:39 schrieb Andrew Bartlett:
> > On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote:
> > > [2018/01/22 21:15:50.022197, 2]
> > > ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
> > > auth_check_password_recv: sam_failtrusts authentication for user
> > > [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET,
> > > authoritative=1
> >
> > Hmm. Are you sure the RODC's join to the domain is all OK?
>
> Certainly to me it looks ok:
..
> Any thoughts?
> Best regards
> Johannes
All I can suggest is trying Samba 4.8rc1.
The stack involved changed again for 4.8, which might be what is going
on here. Otherwise it looks like a bug which will need a code fix.
I've CC'ed Garming who did a lot of the RODC work, I'm not sure (please
check) if simple binds were in the RODC testsuite, and perhaps the
first thing you could do towards fixing this would be to add such a
failing test.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list