Bug 14922 - Kerberos authentication on standalone server in MIT realm broken
Summary: Kerberos authentication on standalone server in MIT realm broken
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.15.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-03 11:37 UTC by Ralph Böhme
Modified: 2021-12-15 14:55 UTC (History)
1 user (show)

See Also:

Attachments
Patch for v4-15-test (2.00 KB, patch)
2021-12-07 09:49 UTC, Stefan Metzmacher 		slow: review+
Details
Patch for v4-14-test (2.00 KB, patch)
2021-12-07 09:53 UTC, Stefan Metzmacher 		slow: review+
Details
Patches for v4-13-test (2.00 KB, patch)
2021-12-07 10:22 UTC, Stefan Metzmacher 		slow: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2021-12-03 11:37:53 UTC 
This looks like a regression introduced by the recent security fixes.

As a workaround it might be possible to use the username map script based on the example in https://bugzilla.samba.org/show_bug.cgi?id=14901#c0.

Reported-at: https://lists.samba.org/archive/samba/2021-November/238720.html
Comment 1 Samba QA Contact 2021-12-03 12:55:39 UTC 
This bug was referenced in samba master:

1e61de8306604a0d3858342df8a1d2412d8d418b
Comment 2 Stefan Metzmacher 2021-12-07 09:49:04 UTC 
Created attachment 17045 [details]
Patch for v4-15-test
Comment 3 Stefan Metzmacher 2021-12-07 09:53:34 UTC 
Created attachment 17046 [details]
Patch for v4-14-test
Comment 4 Stefan Metzmacher 2021-12-07 10:22:32 UTC 
Created attachment 17047 [details]
Patches for v4-13-test
Comment 5 Ralph Böhme 2021-12-07 16:52:27 UTC 
Reassigning to Jule for inclusion in 4.13, 4.14 and 4.15.
Comment 6 Stefan Metzmacher 2021-12-08 09:32:03 UTC 
(In reply to Ralph Böhme from comment #5)

Pushed to autobuild-v4-{15,14,13}-test
Comment 7 Samba QA Contact 2021-12-08 10:47:06 UTC 
This bug was referenced in samba v4-15-test:

5db0cb09e94ad249282b94dea5f21201ed3a1c95
Comment 8 Samba QA Contact 2021-12-08 14:56:56 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

5db0cb09e94ad249282b94dea5f21201ed3a1c95
Comment 9 Samba QA Contact 2021-12-08 14:58:19 UTC 
This bug was referenced in samba v4-14-test:

b0d67dc3d42b81e5e35da26a333c4fcd67baab1f
Comment 10 Samba QA Contact 2021-12-08 16:50:03 UTC 
This bug was referenced in samba v4-13-test:

1e27b820dff2ff9ef99b4d5dc8e85548a2ad92b4
Comment 11 Jule Anger 2021-12-08 18:06:14 UTC 
Closing out bug report.

Thanks!
Comment 12 Samba QA Contact 2021-12-15 14:26:03 UTC 
This bug was referenced in samba v4-13-stable (Release samba-4.13.15):

1e27b820dff2ff9ef99b4d5dc8e85548a2ad92b4
Comment 13 Samba QA Contact 2021-12-15 14:55:15 UTC 
This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

b0d67dc3d42b81e5e35da26a333c4fcd67baab1f