[Pkg-samba-maint] Bug#1135081: samba: login brakes after upgrade to Version 4.22.8-Debian
Christian Obrist
edv.app at tsn.at
Mon Apr 27 12:12:33 BST 2026
Package: samba
Version: 2:4.22.8+dfsg-0+deb13u1
Severity: normal
X-Debbugs-Cc: edv.app at tsn.at
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Upgrade from samba Version 4.22.6 to Version 4.22.8
* What exactly did you do (or not do) that was effective (or
ineffective)?
update / upgrade
* What was the outcome of this action?
login manager seems to be losing the username:
Apr 27 13:07:34 r610pc01 gnome-shell[1568]: ActUserManager: user (null) has no username (uid: -1)
Apr 27 13:07:34 r610pc01 gdm-password][2187]: accountsservice: ActUserManager: user (null) has no username (uid: -1)
Apr 27 13:07:34 r610pc01 gdm-password][2187]: pam_succeed_if(gdm-password:auth): requirement "user ingroup nopasswdlogin" not met by user "brg.schueler"
Apr 27 13:07:37 r610pc01 gdm-password][2187]: pam_unix(gdm-password:auth): check pass; user unknown
Apr 27 13:07:37 r610pc01 gdm-password][2187]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
Apr 27 13:07:37 r610pc01 gdm-password][2187]: pam_winbind(gdm-password:auth): getting password (0x00000388)
Apr 27 13:07:37 r610pc01 gdm-password][2187]: pam_winbind(gdm-password:auth): pam_get_item returned a password
Apr 27 13:07:39 r610pc01 systemd[1]: systemd-localed.service: Deactivated successfully.
Apr 27 13:07:39 r610pc01 systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Apr 27 13:07:43 r610pc01 gdm-password][2202]: accountsservice: ActUserManager: user (null) has no username (uid: -1)
we tried to remove mdns4_minimal in line "hosts" in nsswitch.conf - without access
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd winbind
group: files systemd winbind
shadow: files systemd
gshadow: files systemd
hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
we also tried upgrading samba on a working client, after that login brakes
* What outcome did you expect instead?
working login
*** End of the template - remove these template lines ***
-- Package-specific info:
* /etc/samba/smb.conf present, and attached
-- System Information:
Debian Release: 13.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii init-system-helpers 1.69~deb13u1
ii libbsd0 0.12.2-2
ii libc6 2.41-12+deb13u2
ii libcups2t64 2.4.10-3+deb13u2
ii libdbus-1-3 1.16.2-2
ii libgnutls30t64 3.8.9-3+deb13u2
ii libldap2 2.6.10+dfsg-1
ii libldb2 2:2.11.0+samba4.22.8+dfsg-0+deb13u1
ii libpopt0 1.19+dfsg-2
ii libtalloc2 2:2.4.3+samba4.22.8+dfsg-0+deb13u1
ii libtasn1-6 4.20.0-2
ii libtdb1 2:1.4.13+samba4.22.8+dfsg-0+deb13u1
ii libtevent0t64 2:0.16.2+samba4.22.8+dfsg-0+deb13u1
ii libtirpc3t64 1.3.6+ds-1
ii liburing2 2.9-1
ii passwd 1:4.17.4-2
ii procps 2:4.0.4-9
ii samba-common 2:4.22.8+dfsg-0+deb13u1
ii samba-common-bin 2:4.22.8+dfsg-0+deb13u1
ii samba-libs [libndr6] 2:4.22.8+dfsg-0+deb13u1
Versions of packages samba recommends:
ii attr 1:2.5.2-3
ii python3-samba 2:4.22.8+dfsg-0+deb13u1
ii samba-ad-dc 2:4.22.8+dfsg-0+deb13u1
Versions of packages samba suggests:
pn ctdb <none>
pn samba-vfs-ceph <none>
pn samba-vfs-glusterfs <none>
pn ufw <none>
ii winbind 2:4.22.8+dfsg-0+deb13u1
-- no debconf information
-------------- next part --------------
[global]
workgroup = APP
security = ADS
realm = APP.TSN
# we MUST set winbind use default domain = yes
# to drop APP before username listed
# by winbindd to keep idmapd working for NFS4 & krb5
# APP\username instead username will break
# name -> uid -> name for idmapd
winbind use default domain = yes
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Setting the default back end is mandatory.
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# - You must set a DOMAIN backend configuration
# idmap config for the APP domain
idmap config APP : backend = ad
idmap config APP : schema_mode = rfc2307
# we have to avoid the internal used range: 3 000 000 - 4 000 000
# and start with 5 000 000
# and end with: 2 147 483 647 = 2^31 - 1
# for uids created from IPs: 10.3.12.105 -> 2 003 012 105 have to stay beyond 10.147. !
# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
idmap config APP : range = 5000000-2147483647
idmap config APP : unix_nss_info = yes
idmap config APP : unix_primary_group = yes
# If you are creating a new smb.conf on an unjoined machine and add these lines,
# a keytab will be created during the join:
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# To disable printing completely, add these lines:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
More information about the Pkg-samba-maint
mailing list