[SRU] Samba with "ldap passwd sync = only" fails to change passwords

Bug #242325 reported by Laurent Pinchart on 2008-06-23
8
Affects Status Importance Assigned to Milestone
samba
Fix Released
Medium
samba (Ubuntu)
Undecided
Chuck Short
Hardy
Undecided
Unassigned
Intrepid
Undecided
Chuck Short

Bug Description

Binary package hint: samba

Description: Ubuntu 8.04
Release: 8.04

samba:
  Installed: 3.0.28a-1ubuntu4.2
  Candidate: 3.0.28a-1ubuntu4.2
  Version table:
 *** 3.0.28a-1ubuntu4.2 0
        500 http://be.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     3.0.28a-1ubuntu4 0
        500 http://be.archive.ubuntu.com hardy/main Packages

Samba configured with an ldap backend and 'ldap passwd sync' set to 'only' silently fails to change user passwords.

When a samba client requests a password change, samba returns a success return code but doesn't try to change the password. The bug has been reported to the Samba team (https://bugzilla.samba.org/show_bug.cgi?id=4901) and fixed upstream (http://gitweb.samba.org/?p=samba.git;a=commit;h=1dd8fa9a521046f1de8173ac00224706c5249665).

Can the patch be backported to Ubuntu Hardy ?

Chuck Short (zulcss) wrote :

Seems reasonable I will include this patch for a bunch of fixes after 8.04.1 is out. Thanks for pointing that out.

chuck

Changed in samba:
assignee: nobody → zulcss
status: New → Confirmed
Chuck Short (zulcss) wrote :

After samba 3.0.22a has been released ldap passwd = only has been broken. The reason for this is that
Windows XP will report success but the password will never be updated. Please see https://bugzilla.samba.org/show_bug.cgi?id=4901 for more information. To fix this issue I have backported the patch that fixes this issue in the git tree. I have attached the fix to this bug report.

TEST CASE:

1. Setup samba and openldap with a joined windows xp client.
2. Try to change the password and see if the password has changed.

Note: Testing this should be done by someone who already has this setup. If you have any questions please feel free to ask.

Griffon (griffon-dotlan) wrote :

Somehow your patch won't apply on my samba sources. Btw. here is the link to the current patch from the samba dev team.
http://gitweb.samba.org/?p=samba.git;a=commitdiff_plain;h=3100119b97064135b4c696227349dd174d5663bf

It seems that it is the same patch, but it applies correctly without patching an .orig files.

Changed in samba:
status: Unknown → Fix Released
Martin Pitt (pitti) wrote :

Chuck, can you please reupload this with the changelog formatting fixed and fix-ldap-password-sync.patch cleaned up? (Please drop the .orig file there). Thanks!

Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in samba:
status: New → Fix Committed
Chuck Short (zulcss) wrote :

Laurent,

Can you please test this bug?

Thanks
chuck

Hi Chuck,

On Wednesday 06 August 2008, Chuck Short wrote:
> Laurent,
>
> Can you please test this bug?

I suppe you mean the hardy-proposed package ? I will Monday at my office.

Best regards,

Laurent

Chuck Short (zulcss) wrote :

Hi Laurent,

Any update?

Thanks
chuck

Sorry for the delay. samba 3.0.28a-1ubuntu4.5 from hardy-proposed fixes the problem.

Laurent

Chuck Short (zulcss) wrote :

Pitti,

The fix is ok according to Laurent.

chuck

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in samba:
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Chuck, please apply this to Intrepid ASAP. Thanks!

Changed in samba:
milestone: none → intrepid-alpha-6
status: Confirmed → Fix Committed
Chuck Short (zulcss) wrote :

Already fixed for intrepid.

chuck

Changed in samba:
status: Fix Committed → Fix Released
Changed in samba:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.