[SRU] [karmic] Authentication failure from Windows 7 when domain joined.

Statement of Impact:

Karmic shipped with a bug that prevents Windows 7 clients from authenticating against a Windows Domain. More information can be found at:

https://bugzilla.samba.org/show_bug.cgi?id=6680

How this bug has been addressed:

This bug has been fixed in samba 3.4.1 and I have back ported the fix to 3.4.0. I have attached the patch which fixes this issue.

Steps to Reproduce:

1. Install samba
2. Install Windows 7
3. Have it join a windows domain

If you have any questions please let me know.

Release note:

After upgrading samba to 3.4.0, users using Windows 7 will not be able to authenicate to a Windows domain. The work around is:

http://wiki.samba.org/index.php/Windows7

A fix for this issue is expected to be provided in a post-release update immediately after the Ubuntu 9.10 release.

I reviewed the package in -proposed, approved. Will accept right after karmic release.

(Note, I'd appreciate if you review patches after generating. This one again has an .orig file in it)

Documented at <https://wiki.ubuntu.com/KarmicKoala/ReleaseNotes#Windows%207%20domain%20member%20fails%20to%20authenticate%20to%20Ubuntu%209.10%20Samba%20domain%20controller>:

After upgrading a Samba domain controller to Ubuntu 9.10, Windows 7 domain members will not be able to authenticate to it even if their registry settings were modified as outlined in [[http://wiki.samba.org/index.php/Windows7]] prior to joining the Samba domain. A fix for this issue will be provided in a post-release update immediately after the Ubuntu 9.10 release. (Bug:541411)

Accepted samba into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Can't copy karmic-proposed to lucid since lucid has a never version. Chuck, please apply the patch there as well. Thanks!

This should already be fixed for lucid.

Regards
chuck

Can someone please confirm that the package in karmic-proposed fixes this issue? I would like to also get an SRU in for bug #462169, and ideally we would publish -3ubuntu5.1 to -updates first.

I've installed the samba packages(3.4.0-3ubuntu5.1) from karmic-proposed yesterday, and sadly it didn't improve anything at all.
I could join the domain with the client(I could do that with the version released in karmic too though), but the user login still fails with the error: "The trust relationship between this workstation and the primary domain failed."

Leaving the domain, deleting the machine account and then rejoining the domain didn't help either.

My mistake.

I've previously edited two additional keys under the NetLogon section, that were mentioned a howto before. Seems it doesn't work that way anymore. After reseting those keys back to their original value domain logon works again as before in jaunty, so the release in karmic-proposed _did_ fix the issue.

Thanks for testing!

This bug was fixed in the package samba - 2:3.4.0-3ubuntu5.1

---------------
samba (2:3.4.0-3ubuntu5.1) karmic-proposed; urgency=low

  * debian/patches/fix-smbclient-long-names.patch: Samba shares with more than 12 characters are not
    displayed. (LP: #449735)
  * debian/patches/fix-upstream-6680.patch: Fix Windows 7 computers joining a domain. Without
    this patch users will have to apply a registry hack to have their Windows 7 computers
    join a Windows Domain [http://wiki.samba.org/index.php/Windows7] (LP: #462626)

 -- Chuck Short <email address hidden> Tue, 27 Oct 2009 21:04:53 -0400

I am still experiencing the problem outlined in the 8.10 release. Is it fixed? If so, could you provide more specific information on how to switch to authentication with NTLMv1 and how to add an SPN via use of a hostname?

Thanks!

Sorry. I meant 9.10 release.