Bug 4799 - Samba Active Directory member: Users cant access share "failed to parse PAC"
Summary: Samba Active Directory member: Users cant access share "failed to parse PAC"
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.25b
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-18 18:01 UTC by Kolja Kirchner
Modified: 2008-11-06 04:16 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kolja Kirchner 2007-07-18 18:01:06 UTC
Hi there,

I intend to use Samba as member of Win2k Active Directory with Winbind.
But every time a user wants to access my share i get the following error: decode_pac_data: failed to parse PAC

The user is allowed to use the share ofcourse.

Slackware12
Heimdal 1.0
Samba 3.25b


LOG:
http://www.freeshells.ch/~qval/pacbug.log


STRACE:

http://www.freeshells.ch/~qval/pacbug.strace

The logs are too long to paste here so loaded them onto a webserver.
Ok, I hope this stuff is useful to you Samba guys.


Kolja Kirchner
Comment 1 Guenther Deschner 2007-07-18 18:12:48 UTC
Reproduced it with a Win2k w/o SP DC.

This is where MS used a slightly different PAC formatting. Should be fixed by installing MS updates (SP4).

In the initial PAC format (where  MS stored all domain groups SIDs as full sids instead of storing them in the rid-array) there is apparently not num_groups2 uint32. 

Can you please verify if installing latest MS updates solves that issue for you?
Comment 2 Kolja Kirchner 2007-07-19 17:59:07 UTC
Ok Ive installed SP4 on the 2k Server.
Then I tried to access the shares again, without success.
After deletion and reinstallation of Kerberos and Samba it worked.
Now I love Samba again.

Big thanks


Kolja Kirchner
Comment 3 Guenther Deschner 2008-11-06 04:16:37 UTC
Fixed since a long time.