[Samba] RODC and LDAP via Simple Authentication fails

Garming Sam garming at catalyst.net.nz
Tue Jan 23 21:04:45 UTC 2018


I don't believe there was a test for this. Initial testing seems to
indicate that this is indeed currently broken.


Cheers,

Garming


On 24/01/18 09:54, Andrew Bartlett wrote:
> On Mon, 2018-01-22 at 22:07 +0100, Johannes Engel via samba wrote:
>> On 22.01.2018 at 21:39, Andrew Bartlett wrote:
>>> On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote:
>>>> [2018/01/22 21:15:50.022197,  2]
>>>> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
>>>>   auth_check_password_recv: sam_failtrusts authentication for user
>>>> [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET,
>>>> authoritative=1
>>> Hmm.  Are you sure the RODC's join to the domain is all OK?
>> Certainly to me it looks ok:
> ..
>
>> Any thoughts?
>> Best regards
>> Johannes
> All I can suggest is trying Samba 4.8rc1.  
>
> The stack involved changed again for 4.8, which might be what is going
> on here.  Otherwise it looks like a bug which will need a code fix. 
> I've CC'ed Garming who did a lot of the RODC work, I'm not sure (please
> check) if simple binds were in the RODC testsuite, and perhaps the
> first thing you could do towards fixing this would be to add such a
> failing test.
>
> Sorry,
>
> Andrew Bartlett



