Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 154558 - Winbind refuses to authenticate against Windows 2003 SP1
Summary: Winbind refuses to authenticate against Windows 2003 SP1
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba
Version: 4.0
Hardware: i686
OS: Linux
Target Milestone: ---
: ---
Assignee: Jay Fenlason
QA Contact: David Lawrence
Depends On:
Blocks: 156323
TreeView+ depends on / blocked
Reported: 2005-04-12 17:53 UTC by Tarun Reddy
Modified: 2014-08-31 23:27 UTC (History)
7 users (show)

Fixed In Version: RHBA-2005-629
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-05 15:33:54 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:629 qe-ready SHIPPED_LIVE Updated Samba packages 2005-10-05 04:00:00 UTC

Description Tarun Reddy 2005-04-12 17:53:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050331 Camino/0.8.3

Description of problem:
When authenticating against Windows 2003 SP1, there is a problem with LSAOPEN that doesn't occur with non-SP1 systems. This is fixed in Samba 3.0.14.

Specifically, this appears to be the patch for the problem against 3.0.13...

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Setup system-config-authentication to use winbind against a 2003 server (non-sp1)
2. Check authentication. Works.
3. Upgradet 2003 server to SP1
4. Check authentication. Doesn't work.
5. Remove SP1 from 2003 server.
6. Check authentication. Works again.

Additional info:

Comment 6 Marcin Krzysztof Porwit 2005-06-01 23:47:03 UTC
The temporary workaround for this is to set the following in the [global]
section of the smb.conf file:
  "client schannel = no"
This allows samba to fall back to an alternate crypto api and work with 2003sp1

Comment 10 Vince Worthington 2005-06-15 19:15:53 UTC
Will build a 3.0.10-1.4E-based Samba RPM for RHEL4 and try this patch out and
report back on how it works.  I have a Windows 2003 server here in my test
environ  so should be able to confirm if it works.  Will post an update here to


Comment 14 Tarun Reddy 2005-07-06 15:30:27 UTC
Work around provided by Marcin works. Also the FC4 samba RPM works without the
workaround (on FC4. Did not attempt to recompile for RHEL3/4)


Comment 15 David Jansen 2005-07-21 12:57:03 UTC
Will we see an updated samba package for RHEL 4 (and possibly FC3 as well) in
the forseable future?

Comment 18 Matt Seitz 2005-09-28 16:33:53 UTC
I'm surprised to see that a fix was just released for RHEL 3, but not RHEL 4. 
Hopefully that will follow soon.

Comment 19 Matt Seitz 2005-09-28 16:49:30 UTC
I just found out there is a beta fix available on the RHEL 4 beta channel:

Comment 20 Red Hat Bugzilla 2005-10-05 15:33:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.