[Pkg-samba-maint] Bug#820982: downgrading samba 2:3.6.6-6+deb7u9 to fix regression NT_STATUS_ACCESS_DENIED
Andrew Bartlett
abartlet at samba.org
Thu Apr 14 18:45:09 UTC 2016
On Thu, 2016-04-14 at 18:07 +0200, Jelle de Jong wrote:
> I used the following commands to downgrade my packages and it
> resolved
> the security regression as workaround.
>
> # problem
> net rpc group -S localhost -U Administrator%<secret>
> Could not connect to server localhost
> Connection failed: NT_STATUS_ACCESS_DENIED
>
> # workaround
> aptitude install samba=2:3.6.6-6+deb7u7
> aptitude install samba-common-bin=2:3.6.6-6+deb7u7
> aptitude install samba-doc=2:3.6.6-6+deb7u7
>
> # check versions:
> dpkg -l libnss-winbind libpam-winbind libwbclient0 samba samba-common
> samba-common-bin samba-doc smbclient winbind
This has been reported upstream, the workaround for
NT_STATUS_ACCESS_DENIED errors as a client is to set 'client ipc
signing = no'.
This NEWS file was missed in the release, and covers this situation.
https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=wheezy&id
=0c40b90790187f2028a87cc8ae5f9c77f8394e32
We do realise the irony that the 3.6 package can't talk to itself out
of the box, and it appears that an additional capability may be back
-ported to the 3.6 series as a regression by some of my fellow team
members also supported this version for other distos.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the Pkg-samba-maint
mailing list