Bug 4226 - SAMBA_3_0: pam_winbind krb5_auth fails with heimdal 0.7.2
Summary: SAMBA_3_0: pam_winbind krb5_auth fails with heimdal 0.7.2
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.23c
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-14 11:03 UTC by Simo Sorce
Modified: 2007-02-01 09:10 UTC (History)
0 users

See Also:

Attachments
use init_creds_opt_alloc (3.84 KB, patch)
2006-11-17 10:42 UTC, Guenther Deschner 		no flags Details
slightly modified version of that patch (3.84 KB, patch)
2006-11-20 05:47 UTC, Guenther Deschner 		no flags Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Simo Sorce 2006-11-14 11:03:34 UTC 
If pam_winbind is comfigured to do krb5_auth then the following error is returned:

   winbindd_raw_kerberos_login: kinit failed for 'administrator@EXAMPLE.COM' with: Invalid argument (22)

Authentication always falls back to samlogon (not that cached_login does not work in this situation).

Further investigation with gdb reveals that the failing function is:
krb5_get_init_creds_opt_set_pac_request() called by kerberos_kinit_password_ext()
Comment 1 Simo Sorce 2006-11-15 14:15:06 UTC 
It's in the title but just to make it clear.
This happen with heimdal 0.7.1, on Ubuntu 6.10 (Edgy)
Comment 2 Simo Sorce 2006-11-15 14:16:45 UTC 
CORRECTION: it is with heimdal 0.7.2 and NOT with 0.7.1
Comment 3 Guenther Deschner 2006-11-16 09:48:13 UTC 
Simo, just to make sure: this is with a w2k3dc (sp1), right?
Comment 4 Simo Sorce 2006-11-16 10:17:05 UTC 
Windows 2003 SP1
Comment 5 Guenther Deschner 2006-11-17 10:42:19 UTC 
Created attachment 2224 [details]
use init_creds_opt_alloc

Simo, can you test this patch, please?
Comment 6 Guenther Deschner 2006-11-17 10:42:44 UTC 
This is against 3_0_RELEASE, btw.
Comment 7 Guenther Deschner 2006-11-20 05:47:50 UTC 
Created attachment 2227 [details]
slightly modified version of that patch
Comment 8 Guenther Deschner 2006-11-23 11:18:27 UTC 
Simo ?
Comment 9 Gerald (Jerry) Carter (dead mail address) 2006-12-21 11:32:40 UTC 
Guenther,  please apply if not already in the tree.  We have 
at least one confirmation on the mailing of the patch.
Comment 10 Guenther Deschner 2007-02-01 09:10:45 UTC 
Fixed with rev 21110.