Bug 14228 - auth fallback to local server's SAM not working when DC unreachable
Summary: auth fallback to local server's SAM not working when DC unreachable
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.11.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-05 20:40 UTC by Björn Jacke
Modified: 2020-01-05 20:40 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2020-01-05 20:40:16 UTC
when trying to connect to a Samba member server with an invalid domain name and a valid *local* user name Samba returns NT_STATUS_NO_LOGON_SERVERS when no DC is available even though it should authenticate against its local SAM. Only if the correct server's name is given, the authentication is working in that situation:

# smbclient  //localhost/test -UFOOFAA\\testx%xxx
session setup failed: NT_STATUS_NO_LOGON_SERVERS

Doing the same test against a Windows member server results in successful authentication against the local SAM. The Windows server caches the known trusted domains also and (only) lets the authentication fail if the auth attempt is done with a user of a trusted domain (or the joined domain of course). Samba should behave the same way.