[Samba] RODC and LDAP via Simple Authentication fails

Garming Sam garming at catalyst.net.nz
Tue Jan 23 21:04:45 UTC 2018

I don't believe there was a test for this. Initial testing seems to
indicate that this is indeed currently broken.



On 24/01/18 09:54, Andrew Bartlett wrote:
> On Mon, 2018-01-22 at 22:07 +0100, Johannes Engel via samba wrote:
>> Am 22.01.2018 um 21:39 schrieb Andrew Bartlett:
>>> On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote:
>>>> [2018/01/22 21:15:50.022197,  2]
>>>> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
>>>>   auth_check_password_recv: sam_failtrusts authentication for user
>>>> authoritative=1
>>> Hmm.  Are you sure the RODC's join to the domain is all OK?
>> Certainly to me it looks ok:
> ..
>> Any thoughts?
>> Best regards
>> Johannes
> All I can suggest is trying Samba 4.8rc1.  
> The stack involved changed again for 4.8, which might be what is going
> on here.  Otherwise it looks like a bug which will need a code fix. 
> I've CC'ed Garming who did a lot of the RODC work, I'm not sure (please
> check) if simple binds were in the RODC testsuite, and perhaps the
> first thing you could do towards fixing this would be to add such a
> failing test.
> Sorry,
> Andrew Bartlett

More information about the samba mailing list