Bug 14796 - Authentication with machine account does not work for "net rpc"
Summary: Authentication with machine account does not work for "net rpc"
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.13.0
Hardware: All All
: P5 minor (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2021-08-13 12:49 UTC by Samuel Cabrero
Modified: 2021-08-17 06:56 UTC (History)
0 users

See Also:

Patch for v4-13-test and v4-14-test (3.58 KB, patch)
2021-08-13 12:53 UTC, Samuel Cabrero
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Samuel Cabrero 2021-08-13 12:49:52 UTC
Authentication with the machine account was broken in 4.13 by a refactor to remove credentials flags (commit b7c366f1f8d8f2f1547d64801db6a49674570c6d), but it was fixed again in 4.15 by another refactor (commit ea071d278a614f17b5417d3ff98e1b8d1fd8970d).

The problem in 4.13 and 4.14 is that the username is always set to <machine account name>$@REALM even when kerberos is not used, so windows 2012 R2 rejects the NTLM authentication with NT_STATUS_LOGON_FAILURE.
Comment 1 Samuel Cabrero 2021-08-13 12:53:34 UTC
Created attachment 16735 [details]
Patch for v4-13-test and v4-14-test
Comment 2 Jeremy Allison 2021-08-13 17:49:22 UTC
This looks correct to me. Is it also a problem in master/4.15.rcX ?
Comment 3 Samuel Cabrero 2021-08-17 06:56:35 UTC
(In reply to Jeremy Allison from comment #2)
No, it only affects to 4.13 and 4.14 branches.