ntlm_auth returns invalid NT_KEY
Bug #623342 reported by
Aiko Barz
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba |
Fix Released
|
Critical
|
|||
samba (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Lucid |
Fix Released
|
Low
|
Unassigned | ||
Maverick |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: winbind
ntlm_auth returns an invalid response key. This makes programs like freeradius fail. So, it is impossible to authenticate against Active Directory. This affects 802.1X WLAN setups for example, that authenticate against freeradius/Active Directory.
Other programs like Squid may authenticate against Radius too.
This bug seems to be fixed in the not yet released Samba-3.4.9 package.
See https:/
Related branches
lp:~stefanor/ubuntu/maverick/samba/ntlm-auth-623342
- Ubuntu Development Team: Pending requested
-
Diff: 18873 lines (+18017/-338)41 files modified.pc/applied-patches (+2/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_select.c (+247/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_standard.c (+569/-0)
.pc/security-CVE-2011-0719.patch/nsswitch/libwbclient/wbc_async.c (+774/-0)
.pc/security-CVE-2011-0719.patch/nsswitch/wb_common.c (+690/-0)
.pc/security-CVE-2011-0719.patch/source3/client/client.c (+5041/-0)
.pc/security-CVE-2011-0719.patch/source3/client/dnsbrowse.c (+237/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/events.c (+330/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/g_lock.c (+766/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/packet.c (+273/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/readline.c (+201/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/select.c (+206/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/util_sock.c (+2012/-0)
.pc/security-CVE-2011-0719.patch/source3/libaddns/dnssock.c (+377/-0)
.pc/security-CVE-2011-0719.patch/source3/libsmb/nmblib.c (+1404/-0)
.pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c (+2119/-0)
.pc/security-CVE-2011-0719.patch/source3/utils/smbfilter.c (+295/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd_dual.c (+1550/-0)
debian/changelog (+266/-316)
debian/control (+1/-1)
debian/patches/ntlm-auth-lp623342.patch (+64/-0)
debian/patches/security-CVE-2011-0719.patch (+436/-0)
debian/patches/series (+2/-0)
lib/tevent/tevent_select.c (+10/-0)
lib/tevent/tevent_standard.c (+5/-0)
nsswitch/libwbclient/wbc_async.c (+1/-1)
nsswitch/wb_common.c (+14/-0)
source3/client/client.c (+3/-1)
source3/client/dnsbrowse.c (+11/-0)
source3/lib/events.c (+8/-0)
source3/lib/g_lock.c (+3/-1)
source3/lib/packet.c (+5/-0)
source3/lib/readline.c (+5/-0)
source3/lib/select.c (+12/-0)
source3/lib/util_sock.c (+12/-3)
source3/libaddns/dnssock.c (+5/-0)
source3/libsmb/nmblib.c (+5/-0)
source3/nmbd/nmbd_packets.c (+31/-6)
source3/utils/smbfilter.c (+5/-2)
source3/winbindd/winbindd_cm.c (+13/-7)
source3/winbindd/winbindd_dual.c (+7/-0)
lp:~stefanor/ubuntu/lucid/samba/ntlm-auth-623342
- Ubuntu Development Team: Pending requested
-
Diff: 19843 lines (+18478/-101)96 files modified.pc/applied-patches (+2/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_select.c (+247/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_standard.c (+569/-0)
.pc/security-CVE-2011-0719.patch/nsswitch/wb_common.c (+690/-0)
.pc/security-CVE-2011-0719.patch/source3/client/client.c (+5022/-0)
.pc/security-CVE-2011-0719.patch/source3/client/dnsbrowse.c (+237/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/events.c (+304/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/packet.c (+267/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/readline.c (+201/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/select.c (+206/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/util_sock.c (+1989/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/wbclient.c (+715/-0)
.pc/security-CVE-2011-0719.patch/source3/libaddns/dnssock.c (+377/-0)
.pc/security-CVE-2011-0719.patch/source3/libads/cldap.c (+308/-0)
.pc/security-CVE-2011-0719.patch/source3/libsmb/nmblib.c (+1399/-0)
.pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c (+1967/-0)
.pc/security-CVE-2011-0719.patch/source3/utils/smbfilter.c (+295/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd.c (+1440/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd_dual.c (+1477/-0)
debian/changelog (+18/-0)
debian/control (+1/-1)
debian/patches/ntlm-auth-lp623342.patch (+63/-0)
debian/patches/security-CVE-2011-0719.patch (+438/-0)
debian/patches/series (+2/-1)
debian/po/ar.po (+1/-1)
debian/po/ast.po (+1/-1)
debian/po/be.po (+1/-1)
debian/po/bg.po (+1/-1)
debian/po/bn.po (+1/-1)
debian/po/bs.po (+1/-1)
debian/po/ca.po (+3/-3)
debian/po/cs.po (+1/-1)
debian/po/da.po (+1/-1)
debian/po/de.po (+1/-1)
debian/po/dz.po (+1/-1)
debian/po/el.po (+1/-1)
debian/po/eo.po (+1/-1)
debian/po/es.po (+2/-3)
debian/po/et.po (+1/-1)
debian/po/eu.po (+1/-1)
debian/po/fi.po (+1/-1)
debian/po/fr.po (+1/-1)
debian/po/gl.po (+1/-1)
debian/po/gu.po (+1/-1)
debian/po/he.po (+1/-1)
debian/po/hu.po (+1/-1)
debian/po/id.po (+1/-1)
debian/po/it.po (+1/-1)
debian/po/ja.po (+1/-1)
debian/po/ka.po (+1/-1)
debian/po/km.po (+1/-1)
debian/po/ko.po (+1/-1)
debian/po/ku.po (+1/-1)
debian/po/lt.po (+3/-3)
debian/po/ml.po (+1/-1)
debian/po/mr.po (+4/-4)
debian/po/nb.po (+6/-6)
debian/po/ne.po (+1/-1)
debian/po/nl.po (+1/-1)
debian/po/nn.po (+5/-5)
debian/po/pl.po (+1/-1)
debian/po/pt.po (+1/-1)
debian/po/pt_BR.po (+1/-1)
debian/po/ro.po (+1/-1)
debian/po/ru.po (+3/-3)
debian/po/sk.po (+1/-1)
debian/po/sl.po (+1/-1)
debian/po/sq.po (+1/-1)
debian/po/sv.po (+1/-1)
debian/po/ta.po (+1/-1)
debian/po/th.po (+1/-1)
debian/po/tl.po (+1/-1)
debian/po/tr.po (+1/-1)
debian/po/vi.po (+11/-12)
debian/po/wo.po (+1/-1)
debian/po/zh_CN.po (+1/-1)
debian/po/zh_TW.po (+1/-1)
lib/tevent/tevent_select.c (+10/-0)
lib/tevent/tevent_standard.c (+5/-0)
nsswitch/wb_common.c (+17/-0)
source3/client/client.c (+3/-1)
source3/client/dnsbrowse.c (+11/-0)
source3/lib/events.c (+8/-0)
source3/lib/packet.c (+5/-0)
source3/lib/readline.c (+5/-0)
source3/lib/select.c (+12/-0)
source3/lib/util_sock.c (+9/-2)
source3/lib/wbclient.c (+8/-1)
source3/libaddns/dnssock.c (+5/-0)
source3/libads/cldap.c (+5/-0)
source3/libsmb/nmblib.c (+5/-0)
source3/nmbd/nmbd_packets.c (+22/-2)
source3/utils/smbfilter.c (+6/-2)
source3/winbindd/winbindd.c (+6/-0)
source3/winbindd/winbindd_cm.c (+13/-7)
source3/winbindd/winbindd_dual.c (+7/-0)
Changed in samba (Ubuntu): | |
importance: | Undecided → Low |
Changed in samba: | |
status: | Unknown → Confirmed |
Changed in samba (Ubuntu): | |
status: | New → Confirmed |
Changed in samba: | |
importance: | Unknown → Critical |
tags: | added: verification-done-lucid |
Changed in samba: | |
status: | Confirmed → Incomplete |
Changed in samba: | |
status: | Incomplete → Fix Released |
To post a comment you must log in.
Is there are reason why the priority of this bug is so low? This issue prevents deployment of freeradius authenticating against Active Directory in a corporate environment.
My company has recently upgraded to using the LucidLynx server release of Ubuntu on our main servers - and this issue means that it is no longer possible to perform the necessary authentication for users on our network. In particular, this means we are no longer able to provide wireless network access to our employees - which is a serious problem.
Given that LucidLynx is a LTS release, is there a plan to release the version of Samba containing the fix for this bug to Lucid soon?