[FFe] 16.04 SAMBA missing winbind packages during install
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-meta (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Release Feature Freeze Exception justification: the Xenial samba-server task refers to a non-existent package (smbpass-winbind) which provided functionality that is necessary to be a functional samba server. That package has been replaced with libpam-winbind.
[Impact]
* Installing the 'samba file server' task results in a non-function installation due to not being able to access users/authentic
* In 16.04, libpam-smbpass was removed and effectively replaced by libpam-winbind.
* The seed still refers to the libpam-smbpass in 16.04, which is not an installable package.
* While this bug does refer to both libpam-smbpass and libnss-winbind, the prior samba-server task does not install libnss-winbind (which was also available in trusty), so it's less clear that it is necessary for a generally functioning samba server.
[Test Case]
* Install the samba-server task and attempt to access AD-based functionality (auth). It will fail and libpam-winbind won't be installed.
[Regression Potential]
* Changing the seed should have low regression potential. Given that samba-server currently does not function properly (or at least as expected), this should only result in an additional package being installed (libpam-winbind) when choosing the samba-server task.
When installing 16.04 server, checking "samba file server" during install the following packages are not installed by default:
libnss-winbind
libpam-winbind
The effect is that while samba can join AD domains just fine, it cannot enumerate domain users, i.e. "sudo getent passwd" will show only local accounts, not domain accounts; also, an attempt to access a samba share will result in "access denied". Specifically, the applicable log in /var/log/samba will have the lines:
Kerberos ticket principal name is [<user>@<domain>]
[2016/07/12 10:46:23.474798, 3] ../source3/
Username <domain>\<user> is invalid on this system
Once the missing packages are installed and services are restarted (nmbd, smbd, winbind), the problem is resolved. Installing these packages creates /lib/x86_
In the distribution, checking "samba file server" should install the above listed packages or at least the release notes should specify that if this option is selected and one wishes to join an AD domain, then installing these packages is necessary.
Thx.
-ml
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: samba 2:4.3.9+
ProcVersionSign
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
BothFailedConnect: Yes
CurrentDesktop: LXDE
Date: Tue Jul 19 17:35:16 2016
NmbdLog:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SambaServerRegr
SmbConfIncluded: Yes
SmbLog:
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
description: | updated |
summary: |
- 16.04 SAMBA missing winbind packages during install + [FFe] 16.04 SAMBA missing winbind packages during install |
description: | updated |
This is already fixed in yakkety.