if a password of a user is not yet cached on a RODC, then the login fails, even if a RWDC is reachable. The password is being cached after that though and subsequent logins will are successfull then. I guess this is not the intended behaviour?
This bug was referenced in samba master: f33f73f82fb2d5d96928ce5910e2d0d939c2ff57 27ee5ad713b760e8226537d79c529ace1efb07bf 0f5d7ff1a9fd14fd412b09883d413d1d660fa7be
Created attachment 17193 [details] Patches for v4-16-test
There is an oss-fuzz build failure that should be addressed first if possible. https://oss-fuzz-build-logs.storage.googleapis.com/log-426d78f2-f4db-4448-a337-90a6e48741cc.txt
(In reply to Andrew Bartlett from comment #3) The warning was introduced by this commit: https://git.samba.org/?p=samba.git;a=commitdiff;h=1201147d06feeba8b6ec72fb537340ba29b1b95f commit 1201147d06feeba8b6ec72fb537340ba29b1b95f Author: Andreas Schneider <asn@samba.org> AuthorDate: Thu Dec 9 07:48:13 2021 +0100 Commit: Andreas Schneider <asn@cryptomilk.org> CommitDate: Fri Mar 4 14:05:31 2022 +0000 s4:kdc: Implement new Microsoft forwardable flag behavior Allow delegation to any target if we have delegations set up, but the target is not specified. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> And that's not related to this bug report. I'll also upload backports for 4.15 and 4.14 in the next days, but it can be pushed to 4.16 now.
This bug was referenced in samba v4-16-test: 302f9acb4a0c689a572b157f4947333485d05724 b8e20583b052aeb8f1bda381f7a0dab420325e8d 4b6a6af868c03407d41dd978e8a72b1acbc87720
Re-assigning to Metze.
This bug was referenced in samba v4-16-stable (Release samba-4.16.0rc5): 302f9acb4a0c689a572b157f4947333485d05724 b8e20583b052aeb8f1bda381f7a0dab420325e8d 4b6a6af868c03407d41dd978e8a72b1acbc87720
Created attachment 17196 [details] Patches for v4-15-test
Created attachment 17197 [details] Patches for v4-14-test
Comment on attachment 17196 [details] Patches for v4-15-test In the first commit, 'str' should probably be freed in the HDB_ERR_NOT_FOUND_HERE case. Also, in the second commit, final_ret should be initialised to 0.
Comment on attachment 17196 [details] Patches for v4-15-test The backport left final_ret uninitialized
Comment on attachment 17197 [details] Patches for v4-14-test The backport left final_ret uninitialized...
Created attachment 17212 [details] Patches for v4-15-test
Created attachment 17213 [details] Patches for v4-14-test
I love how simple this ended up, even for the backport. Assigning to Jule for 4.14 and 4.15
For 4.15 and 4.16, don't we have a leak if 'str' isn't freed after calling clientdb->hdb_auth_status()? Anyway, it's only a minor thing.
Comment on attachment 17212 [details] Patches for v4-15-test Yes, we should free str
Created attachment 17225 [details] Patches for v4-15-test
Created attachment 17226 [details] Patches for v4-14-test
This bug was referenced in samba v4-14-test: 68f55294eb0c37da3c4e3f76d5c3154e762d46ad 1a1b789b2fe6672604f2e2f5c5e7a30f5a1c90a2
This bug was referenced in samba v4-15-test: 5aa5648cc4b0497a000c31e8b40cdaaa6c18769e b4d5a906df8b23363365559e31887403bace1482
This bug was referenced in samba v4-14-stable (Release samba-4.14.13): 68f55294eb0c37da3c4e3f76d5c3154e762d46ad 1a1b789b2fe6672604f2e2f5c5e7a30f5a1c90a2
This bug was referenced in samba v4-15-stable (Release samba-4.15.7): 5aa5648cc4b0497a000c31e8b40cdaaa6c18769e b4d5a906df8b23363365559e31887403bace1482