Bug 12782 - winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change
Summary: winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.6.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 12773
  Show dependency treegraph
 
Reported: 2017-05-10 09:06 UTC by Stefan Metzmacher
Modified: 2017-08-07 10:08 UTC (History)
3 users (show)

See Also:

Attachments
A minimal fix for the problem (5.43 KB, patch)
2017-06-19 07:13 UTC, Stefan Metzmacher 		no flags Details
Patches for v4-6-test (196.47 KB, patch)
2017-06-29 13:54 UTC, Stefan Metzmacher 		metze: review? (slow)
asn: review+
Details
Patches for v4-5-test (199.65 KB, patch)
2017-06-29 13:55 UTC, Stefan Metzmacher 		metze: review? (slow)
asn: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-05-10 09:06:38 UTC 
winbindd negotiates NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL and still
tries to change the machine password.

This results in a successful local change, but the remote change fails
with NT_STATUS_WRONG_PASSWORD as documented here:
https://msdn.microsoft.com/en-us/library/cc237243.aspx
Comment 1 Stefan Metzmacher 2017-06-19 07:13:48 UTC 
Created attachment 13289 [details]
A minimal fix for the problem

The more generic fixes are currently developed under:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-secrets-tmp
and
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-secrets-ok
Comment 2 Stefan Metzmacher 2017-06-29 13:54:44 UTC 
Created attachment 13329 [details]
Patches for v4-6-test
Comment 3 Stefan Metzmacher 2017-06-29 13:55:18 UTC 
Created attachment 13330 [details]
Patches for v4-5-test
Comment 4 Andreas Schneider 2017-07-03 10:48:29 UTC 
Karolin, please add the patches to the relevant branches. Thanks!
Comment 5 Stefan Metzmacher 2017-07-13 05:39:21 UTC 
Pushed to autobuild-v4-{5,6}-test
Comment 6 Stefan Metzmacher 2017-07-14 08:10:57 UTC 
(In reply to Stefan Metzmacher from comment #5)

Pushed to v4-{5,6}-test
Comment 7 Karolin Seeger 2017-08-04 09:00:33 UTC 
Shouldn't we take the minimal patch for 4.6 and 4.5 here?
Please lets discuss on Monday!
Planned release date for 4.6.7 is Wednesday...
Comment 8 Karolin Seeger 2017-08-07 10:08:46 UTC 
(In reply to Karolin Seeger from comment #7)
Ok, after some discussion, let's go ahead with the complete patchset.