One of our users upgraded their Ubuntu workstation to 9.10 and they can no longer authenticate via pam_winbind with the domain controller (Samba 3.3.7).
After the upgrade, the following messages appear in the winbind log every five minutes:
[2009/11/10 11:45:01, 0] libsmb/ntlmssp_sign.c:208(ntlmssp_check_packet)
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2009/11/10 11:45:01, 0] rpc_client/cli_pipe.c:620(cli_pipe_verify_ntlmssp)
cli_pipe_verify_ntlmssp: failed to unseal packet from host SKIPPY. Error was NT_STATUS_ACCESS_DENIED.
Attempting to authenticate results in the following:
# wbinfo -a chrisa
Enter chrisa's password:
plaintext password authentication failed
Could not authenticate user chrisa with plaintext password
Enter chrisa's password:
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user chrisa with challenge/response
And this message appears in the winbind log:
[2009/11/10 11:44:58, 1] rpc_client/cli_pipe.c:948(cli_pipe_validate_current_pdu)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host SKIPPY!
Binary package hint: samba
One of our users upgraded their Ubuntu workstation to 9.10 and they can no longer authenticate via pam_winbind with the domain controller (Samba 3.3.7).
# apt-cache policy winbind gb.archive. ubuntu. com karmic/main Packages dpkg/status
winbind:
Installed: 2:3.4.0-3ubuntu5
Candidate: 2:3.4.0-3ubuntu5
Version table:
*** 2:3.4.0-3ubuntu5 0
500 http://
100 /var/lib/
After the upgrade, the following messages appear in the winbind log every five minutes:
[2009/11/10 11:45:01, 0] libsmb/ ntlmssp_ sign.c: 208(ntlmssp_ check_packet) cli_pipe. c:620(cli_ pipe_verify_ ntlmssp) verify_ ntlmssp: failed to unseal packet from host SKIPPY. Error was NT_STATUS_ ACCESS_ DENIED.
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2009/11/10 11:45:01, 0] rpc_client/
cli_pipe_
Attempting to authenticate results in the following:
# wbinfo -a chrisa
Enter chrisa's password:
plaintext password authentication failed
Could not authenticate user chrisa with plaintext password
Enter chrisa's password:
challenge/response password authentication failed
error code was NT code 0x1c010002 (0x1c010002)
error messsage was: NT code 0x1c010002
Could not authenticate user chrisa with challenge/response
And this message appears in the winbind log:
[2009/11/10 11:44:58, 1] rpc_client/ cli_pipe. c:948(cli_ pipe_validate_ current_ pdu) validate_ current_ pdu: RPC fault code DCERPC_ FAULT_OP_ RNG_ERROR received from host SKIPPY!
cli_pipe_
This appears to match the behaviour mentioned in the upstream bug #6646 which was fixed in Samba 3.4.1: /bugzilla. samba.org/ show_bug. cgi?id= 6646
https:/
Patch looks quite trivial. Would it be possible to backport it?
Thanks,
Chris