[Pkg-samba-maint] Bug#991767: samba: Attempt to change password over IPv6 using kpasswd fails on AD DC server

Lorenz Schori lo at znerol.ch
Sun Aug 1 13:01:49 BST 2021 

Package: samba
Version: 2:4.13.5+dfsg-2
Severity: normal

Dear Maintainer,

After upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any
attempt to change a password over IPv6 fails on the server side. Samba
generates the following log entries (on the domain controller):

    Starting GENSEC mechanism krb5
    Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR

On the client side the request to change the password results in the
following message after a delay of a couple of seconds:

    kpasswd: Cannot contact any KDC for requested realm changing
    password

Upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls
to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6
addresses will be rejected.

Affected are all upstream releases from branches 4.14 and 4.13. Older
branches / releases are not affected.

On the distro side, this bug affects soon to be released Debian
Bullseye, it does neither affect current stable Debian Buster nor Ubuntu
Focal (LTS).

Upstream bug (fixed in upstream release 4.13.10):
https://bugzilla.samba.org/show_bug.cgi?id=14750

-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing'), (90,
'unstable'), (1, 'experimental') Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8),
LANGUAGE=C.UTF-8 Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba depends on:
ii  adduser              3.118
ii  dpkg                 1.20.9
ii  init-system-helpers  1.60
ii  libbsd0              0.11.3-1
ii  libc6                2.31-13
ii  libgnutls30          3.7.1-5
ii  libldb2              2:2.2.0-3.1
ii  libpam-modules       1.4.0-9
ii  libpam-runtime       1.4.0-9
ii  libpopt0             1.18-2
ii  libpython3.9         3.9.2-1
ii  libtalloc2           2.3.1-2+b1
ii  libtasn1-6           4.16.0-2
ii  libtdb1              1.4.3-1+b1
ii  libtevent0           0.10.2-1
ii  libwbclient0         2:4.13.5+dfsg-2
ii  lsb-base             11.1.0
ii  procps               2:3.3.17-5
ii  python3              3.9.2-3
ii  python3-dnspython    2.0.0-1
ii  python3-samba        2:4.13.5+dfsg-2
ii  samba-common         2:4.13.5+dfsg-2
ii  samba-common-bin     2:4.13.5+dfsg-2
ii  samba-libs           2:4.13.5+dfsg-2
ii  tdb-tools            1.4.3-1+b1

Versions of packages samba recommends:
ii  attr                1:2.4.48-6
ii  logrotate           3.18.0-2
ii  python3-markdown    3.3.4-1
ii  samba-dsdb-modules  2:4.13.5+dfsg-2
ii  samba-vfs-modules   2:4.13.5+dfsg-2

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
ii  ldb-tools      2:2.2.0-3.1
pn  ntp | chrony   <none>
pn  smbldap-tools  <none>
pn  ufw            <none>
pn  winbind        <none>

-- no debconf information

More information about the Pkg-samba-maint mailing list