Bug 13332 - winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted
Summary: winbindd doesn't recover loss of netlogon secure channel in case the peer DC ...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-15 09:23 UTC by Ralph Böhme
Modified: 2018-05-09 07:48 UTC (History)
4 users (show)

See Also:

Attachments
Patch for 4.7 backported from master (46.84 KB, patch)
2018-03-22 18:45 UTC, Ralph Böhme 		metze: review-
Details
Patch for 4.8 backported from master (47.14 KB, patch)
2018-03-22 18:46 UTC, Ralph Böhme 		metze: review+
Details
Patch for 4.7 backported from master (46.83 KB, patch)
2018-04-28 15:14 UTC, Ralph Böhme 		metze: review+
Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2018-03-15 09:23:09 UTC 
We keep trying to establish a schannel netlogon connection with the netlogon schannel session key that is invalidated by the server reboot. The connection fails with NT_STATUS_RPC_SEC_PKG_ERROR. If we get this error we must fully reauth the netlogon schannel.
Comment 1 Stefan Metzmacher 2018-03-22 09:28:33 UTC 
We still need backports here...
Comment 2 Ralph Böhme 2018-03-22 18:45:30 UTC 
Created attachment 14071 [details]
Patch for 4.7 backported from master
Comment 3 Ralph Böhme 2018-03-22 18:46:00 UTC 
Created attachment 14072 [details]
Patch for 4.8 backported from master
Comment 4 Stefan Metzmacher 2018-04-19 10:30:34 UTC 
Comment on attachment 14071 [details]
Patch for 4.7 backported from master

Doesn't build because netlogon_creds_cli_context_global() is different
between 4.7 and 4.8
Comment 5 Stefan Metzmacher 2018-04-19 10:31:01 UTC 
Karo, please pick the 4.8 patch
Comment 6 Karolin Seeger 2018-04-20 09:48:36 UTC 
Pushed to autobuild-v4-8-test.
Comment 7 Karolin Seeger 2018-04-25 06:41:55 UTC 
Pushed to v4-8-test.
Re-assigning to Ralph for the fixed backport.
Comment 8 Ralph Böhme 2018-04-28 15:14:26 UTC 
Created attachment 14165 [details]
Patch for 4.7 backported from master

Oh, sorry for the previous broken 4.7 backport. I owe you an Indian lunch!
Comment 9 Ralph Böhme 2018-05-03 12:01:12 UTC 
Karo, please pick the 4.7 patch.
Comment 10 Karolin Seeger 2018-05-07 07:10:48 UTC 
(In reply to Ralph Böhme from comment #9)
Thanks, Ralph!
Pushed to autobuild-v4-7-test.
Comment 11 Karolin Seeger 2018-05-09 07:48:36 UTC 
(In reply to Karolin Seeger from comment #10)
Pushed to v4-7-test.
Closing out bug report.

Thanks!