Re: [Samba] RODC and LDAP via Simple Authentication fails




On Mon, 2018-01-22 at 22:07 +0100, Johannes Engel via samba wrote:
> On 22.01.2018 at 21:39, Andrew Bartlett wrote:
> > On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote:
> > > [2018/01/22 21:15:50.022197,  2]
> > > ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
> > >   auth_check_password_recv: sam_failtrusts authentication for user
> > > [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET,
> > > authoritative=1
> > 
> > Hmm.  Are you sure the RODC's join to the domain is all OK?
> 
> Certainly to me it looks ok:

..

> Any thoughts?
> Best regards
> Johannes

All I can suggest is trying Samba 4.8rc1.  

The stack involved changed again for 4.8, which might be what is going
on here.  Otherwise it looks like a bug which will need a code fix. 
I've CC'ed Garming, who did a lot of the RODC work. I'm not sure (please
check) if simple binds were in the RODC testsuite, and perhaps the
first thing you could do towards fixing this would be to add such a
failing test.

Sorry,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

