14228 – auth fallback to local server's SAM not working when DC unreachable

Bug 14228 - auth fallback to local server's SAM not working when DC unreachable

Summary: auth fallback to local server's SAM not working when DC unreachable

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.11.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-01-05 20:40 UTC by Björn Jacke
Modified:	2020-01-05 20:40 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Björn Jacke 2020-01-05 20:40:16 UTC

when trying to connect to a Samba member server with an invalid domain name and a valid *local* user name Samba returns NT_STATUS_NO_LOGON_SERVERS when no DC is available even though it should authenticate against its local SAM. Only if the correct server's name is given, the authentication is working in that situation:

# smbclient  //localhost/test -UFOOFAA\\testx%xxx
session setup failed: NT_STATUS_NO_LOGON_SERVERS

Doing the same test against a Windows member server results in successful authentication against the local SAM. The Windows server caches the known trusted domains also and (only) lets the authentication fail if the auth attempt is done with a user of a trusted domain (or the joined domain of course). Samba should behave the same way.