As far as I can tell, this does not appear to be a -security or -updates regression. I have run the qa-regression-testing test-samba.py script with and without both 3.0.28a-1ubuntu4 and 3.0.28a-1ubuntu4.4, and both 3.0.28a-1ubuntu4 and 3.0.28a-1ubuntu4.4 fail the same tests with winbind installed. Both the security update packages and the unpatched hardy release packages fail the tests with:
======================================================================
FAIL: (SambaUser) Read user share directory contents
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-samba.py", line 533, in test_user_dir_readable
password=self.user.password)
File "./test-samba.py", line 213, in _smbdir
return self._smbcmd(mount,cmd,exitcode,user,password)
File "./test-samba.py", line 177, in _smbcmd
self.assertEquals(exitcode, rc, result + report)
AssertionError: Got exit code 1, expected 0
Command: smbclient -U ToeCnDaC -c cd unreadable;dir //localhost/forcedgroup fEOOPPnS
Domain=[HARDY-I386-SEC] OS=[Unix] Server=[Samba 3.0.28a]
tree connect failed: NT_STATUS_ACCESS_DENIED
======================================================================
FAIL: (SambaUser) Write user share remote file contents
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-samba.py", line 560, in test_user_file_write
report)
AssertionError: Should not be able to write file:
Domain=[HARDY-I386-SEC] OS=[Unix] Server=[Samba 3.0.28a]
tree connect failed: NT_STATUS_ACCESS_DENIED
----------------------------------------------------------------------
Ran 2 tests in 37.700s
FAILED (failures=2)
While winbind is intended for use with a DC, it seems clear that its installation should not break an existing samba installation. Interestingly, removing winbind and installing likewise-open (which uses a patched winbind codebase) passes all tests.
As far as I can tell, this does not appear to be a -security or -updates regression. I have run the qa-regression- testing test-samba.py script with and without both 3.0.28a-1ubuntu4 and 3.0.28a-1ubuntu4.4, and both 3.0.28a-1ubuntu4 and 3.0.28a-1ubuntu4.4 fail the same tests with winbind installed. Both the security update packages and the unpatched hardy release packages fail the tests with:
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ------- ------- ------- ------- ------- ------- ------- ------- ------- dir_readable self.user. password) mount,cmd, exitcode, user,password) assertEquals( exitcode, rc, result + report) forcedgroup fEOOPPnS [HARDY- I386-SEC] OS=[Unix] Server=[Samba 3.0.28a] ACCESS_ DENIED
FAIL: (SambaUser) Read user share directory contents
-------
Traceback (most recent call last):
File "./test-samba.py", line 533, in test_user_
password=
File "./test-samba.py", line 213, in _smbdir
return self._smbcmd(
File "./test-samba.py", line 177, in _smbcmd
self.
AssertionError: Got exit code 1, expected 0
Command: smbclient -U ToeCnDaC -c cd unreadable;dir //localhost/
Domain=
tree connect failed: NT_STATUS_
======= ======= ======= ======= ======= ======= ======= ======= ======= ======= ------- ------- ------- ------- ------- ------- ------- ------- ------- file_write [HARDY- I386-SEC] OS=[Unix] Server=[Samba 3.0.28a] ACCESS_ DENIED
FAIL: (SambaUser) Write user share remote file contents
-------
Traceback (most recent call last):
File "./test-samba.py", line 560, in test_user_
report)
AssertionError: Should not be able to write file:
Domain=
tree connect failed: NT_STATUS_
------- ------- ------- ------- ------- ------- ------- ------- ------- -------
Ran 2 tests in 37.700s
FAILED (failures=2)
While winbind is intended for use with a DC, it seems clear that its installation should not break an existing samba installation. Interestingly, removing winbind and installing likewise-open (which uses a patched winbind codebase) passes all tests.