[Pkg-samba-maint] Bug#991767: samba: Attempt to change password over IPv6 using kpasswd fails on AD DC server
Lorenz Schori
lo at znerol.ch
Sun Aug 1 13:01:49 BST 2021
Package: samba
Version: 2:4.13.5+dfsg-2
Severity: normal
Dear Maintainer,
After upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef any
attempt to change a password over IPv6 fails on the server side. Samba
generates the following log entries (on the domain controller):
Starting GENSEC mechanism krb5
Failed to start GENSEC server mech krb5: NT_STATUS_INTERNAL_ERROR
On the client side the request to change the password results in the
following message after a delay of a couple of seconds:
kpasswd: Cannot contact any KDC for requested realm changing
password
Upstream commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef changed calls
to tsocket_address_bsd_sockaddr() in gensec_krb5.c such that IPv6
addresses will be rejected.
Affected are all upstream releases from branches 4.14 and 4.13. Older
branches / releases are not affected.
On the distro side, this bug affects soon to be released Debian
Bullseye, it does neither affect current stable Debian Buster nor Ubuntu
Focal (LTS).
Upstream bug (fixed in upstream release 4.13.10):
https://bugzilla.samba.org/show_bug.cgi?id=14750
-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present
-- System Information:
Debian Release: 11.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing'), (90,
'unstable'), (1, 'experimental') Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8),
LANGUAGE=C.UTF-8 Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.0-3.1
ii libpam-modules 1.4.0-9
ii libpam-runtime 1.4.0-9
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.5+dfsg-2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.5+dfsg-2
ii samba-common 2:4.13.5+dfsg-2
ii samba-common-bin 2:4.13.5+dfsg-2
ii samba-libs 2:4.13.5+dfsg-2
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2
ii python3-markdown 3.3.4-1
ii samba-dsdb-modules 2:4.13.5+dfsg-2
ii samba-vfs-modules 2:4.13.5+dfsg-2
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
ii ldb-tools 2:2.2.0-3.1
pn ntp | chrony <none>
pn smbldap-tools <none>
pn ufw <none>
pn winbind <none>
-- no debconf information
More information about the Pkg-samba-maint
mailing list