For a computer object, it is possible, if very strange, to have an account with an @ in it. This breaks the string-based preparation of the salt. We need to prepare the principal using Kerberos routines to ensure this escaped, not thought to be the delimiter with the realm. I'm working on a patch and some tests.
This blocks bug 14753 as this change makes new users of objectclass computer use UF_WORKSTATION_TRUST (previously UF_NORMAL_ACCOUNT). This breaks a test "virtual email accounts" in bind.py that was putting user@domain in a samAccountName as the new salt doesn't parse.
This bug was referenced in samba master: a5a6296e57cab2b53617d997c37b4e92d4124cc7 7e39994ed341883ac4c8c257220c19dbf70c7bc5 f4785ccfefe7c89f84ad847ca3c12f604172b321 889476d1754f8ce2a41557ed3bf5242c1293584e 25bdf4c994e4fdb74abbacb1e22237f3f2cc37fe 46039baa81377df10e5b134e4bb064ed246795e4 5eeb441b771a1ffe1ba1c69b72e8795f525a58ed
This bug was referenced in samba master: 5094d986b7686f057195dcb10764295b88967019
This bug was referenced in samba v4-15-test: cd1b3cbce5033664d18dc11db3d96c3cdb356afb 4cedeb3253863467adf7e2638167221cbf930f82 8c0296c8956d0328ac111deb1b2d932a24ab50fa fcd11a480e7402985941de974fb0a3f273748ce0 798ac7ff1babe6293fb97deeacb2eff0b018fde0 b1dbaecb2ec14cdacabf6188ff68bad42d3bbffe c72b210cdca5bae5377d1069b8e59044f219356c 753e0dfc6c9def1aebacc593fd4130882ce3ff32
This bug was referenced in samba v4-14-test: 3a813c6d70e0a6b390f550ec208599ad4f79a661 cf03277b663796a22d9fffbfdb6db270169a0385 68f9cc0b9f299f8690036b19570826b1798b1523 b2157fd16de68853c98422cfcaea6bd35faa3a42 46ef1ac3f37118aa6c4a67c98a6fbd3829905153 d79ddfb027a47a5cf81f14d77ebced2b38844442 51324ea4a6507d550f08b7166701f72f7752a100 6b5aba80e648a2b1c67c802c44ea7060540ac262
This bug was referenced in samba v4-15-stable (Release samba-4.15.1): cd1b3cbce5033664d18dc11db3d96c3cdb356afb 4cedeb3253863467adf7e2638167221cbf930f82 8c0296c8956d0328ac111deb1b2d932a24ab50fa fcd11a480e7402985941de974fb0a3f273748ce0 798ac7ff1babe6293fb97deeacb2eff0b018fde0 b1dbaecb2ec14cdacabf6188ff68bad42d3bbffe c72b210cdca5bae5377d1069b8e59044f219356c 753e0dfc6c9def1aebacc593fd4130882ce3ff32
This bug was referenced in samba v4-14-stable (Release samba-4.14.9): 3a813c6d70e0a6b390f550ec208599ad4f79a661 cf03277b663796a22d9fffbfdb6db270169a0385 68f9cc0b9f299f8690036b19570826b1798b1523 b2157fd16de68853c98422cfcaea6bd35faa3a42 46ef1ac3f37118aa6c4a67c98a6fbd3829905153 d79ddfb027a47a5cf81f14d77ebced2b38844442 51324ea4a6507d550f08b7166701f72f7752a100 6b5aba80e648a2b1c67c802c44ea7060540ac262
This bug was referenced in samba v4-13-test: 4056198f4c950b77569c247beaff1bbdf3acf8f5 a2a173d70ad4e9ea54b336ef9660897ea6ed58d6 3f376eeaa88237a15a523cbf1c11a75e20f3ffc8 a742af325f904396973bb274e5413c437dce487a d3b491c31164c8ac6c9f4c0a35742684efe0d61d ae6d74c9ef81b7fda5617948f4cc7b1be7c279a9 274f16103f69d98b9262575d043d84bb9a1b53eb 0cea7f53c01718ec1d5d86a415ca494e1899501f
This bug was referenced in samba v4-13-stable (Release samba-4.13.13): 4056198f4c950b77569c247beaff1bbdf3acf8f5 a2a173d70ad4e9ea54b336ef9660897ea6ed58d6 3f376eeaa88237a15a523cbf1c11a75e20f3ffc8 a742af325f904396973bb274e5413c437dce487a d3b491c31164c8ac6c9f4c0a35742684efe0d61d ae6d74c9ef81b7fda5617948f4cc7b1be7c279a9 274f16103f69d98b9262575d043d84bb9a1b53eb 0cea7f53c01718ec1d5d86a415ca494e1899501f
The patches addressing this issue have been pushed to master and security releases made.