Created attachment 13673 [details] HAVE_IPV6 Patch for krb5_samba.c Hi, during upgrading our whole system to ipv6, latest samba AD ( 3 DCs ) Version 4.6.8 and windows 10 clients i noticed the problem, that users are unable to change their password in the AD Domain from a Windows Client. The samba DCs run on a ipv6 address (interfaces = 2a00:xxx:xxx::9; bind interfaces only = Yes). So does the Clients. It is compiled by ourself in a custom sbuild environment. We took the 4.6.7 artful debian package and build a backport for 4.6.8 with xenial. (and of course the dependency packages: cmocka, talloc, tdb, tevent, ldb) For digging into the bug it was compiled by standard configure mechanism on a latest xenial ubuntu with all packages updated. During password change the windows clients always says that the domain is currently unavailable. (Login, joining, everything else works, only password changing does not) After digging into it i found the problem in the krb5_samba.c file, Line150 and 183. The Part with "#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)" is not compiled. It pointed out that HAVE_IPV6 is set, but KRB5_ADDRESS_INET6 seems not to be set during compile time. Our - i guess dirty - solution was, to add a patch "99_xx.diff" (see below): With this patch we were able to build the 4.6.8 Samba on xenial as ubuntu package as well as standard configure way, and the clients are able to change their password now. - So, everything works now as expected.
Are you building this with the embedded heimdal, or with MIT kerberos ?
Hi, it should be heimdal. From the debian build system it is configured with this command: /usr/bin/python2.7 ./buildtools/bin/waf -v configure --prefix=/usr --enable-fhs --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib/x86_64-linux-gnu --with-privatedir=/var/lib/samba/private --with-smbpasswd-file=/etc/samba/smbpasswd --with-piddir=/var/run/samba --with-pammodulesdir=/lib/x86_64-linux-gnu/security --with-pam --with-syslog --with-utmp --with-winbind --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4 --with-automount --with-ldap --with-ads --with-dnsupdate --with-gpgme --libdir=/usr/lib/x86_64-linux-gnu --with-modulesdir=/usr/lib/x86_64-linux-gnu/samba --datadir=/usr/share --with-lockdir=/var/run/samba --with-statedir=/var/lib/samba --with-cachedir=/var/cache/samba --enable-avahi --disable-rpath --disable-rpath-install --bundled-libraries=NONE,pytevent,iniparser,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,com_err,compile_et,asn1_compile --builtin-libraries=replace,ccan,samba-cluster-support --minimum-library-version="" --with-cluster-support --with-socketpath=/var/run/ctdb/ctdbd.socket --with-logdir=/var/log/ctdb --with-systemd I'll attach also the config.log.
Created attachment 13678 [details] config.log of build process.
Created attachment 13682 [details] git-am fix for 4.7.next, 4.6.next. Cherry-pick from master.
Re-assigning to Kaolin for inclusion in 4.7.x, 4.6.x.
(In reply to Jeremy Allison from comment #5) Pushed to autobuild-v4-{7,6}-test.
(In reply to Karolin Seeger from comment #6) Pushed to both branches. Closing out bug report. Thanks!