[Pkg-samba-maint] Bug#820982: downgrading samba 2:3.6.6-6+deb7u9 to fix regression NT_STATUS_ACCESS_DENIED

Andrew Bartlett abartlet at samba.org
Thu Apr 14 18:45:09 UTC 2016


On Thu, 2016-04-14 at 18:07 +0200, Jelle de Jong wrote:
> I used the following commands to downgrade my packages and it
> resolved
> the security regression as workaround.
> 
> # problem
> net rpc group -S localhost -U Administrator%<secret>
> Could not connect to server localhost
> Connection failed: NT_STATUS_ACCESS_DENIED
> 
> # workaround
> aptitude install samba=2:3.6.6-6+deb7u7
> aptitude install samba-common-bin=2:3.6.6-6+deb7u7
> aptitude install samba-doc=2:3.6.6-6+deb7u7
> 
> # check versions:
> dpkg -l libnss-winbind libpam-winbind libwbclient0 samba samba-common
> samba-common-bin samba-doc smbclient winbind

This has been reported upstream, the workaround for
 NT_STATUS_ACCESS_DENIED errors as a client is to set 'client ipc
signing = no'.

This NEWS file was missed in the release, and covers this situation.

https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=wheezy&id
=0c40b90790187f2028a87cc8ae5f9c77f8394e32

We do realise the irony that the 3.6 package can't talk to itself out
of the box, and it appears that an additional capability may be back
-ported to the 3.6 series as a regression by some of my fellow team
members also supported this version for other distos.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



More information about the Pkg-samba-maint mailing list