Ubuntu
samba package

  1. Bug #2027716
  2. Comment #65

Comment 65 for bug 2027716

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Focal verification

a) Secure channel test
Reproducing the bug:
ubuntu@f-smb-ad:~$ apt-cache policy samba
samba:
  Installed: 2:4.15.13+dfsg-0ubuntu0.20.04.3
  Candidate: 2:4.15.13+dfsg-0ubuntu0.20.04.3
  Version table:
 *** 2:4.15.13+dfsg-0ubuntu0.20.04.3 500
        500 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://br.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status

Secure channel fails like this:
PS C:\Users\focal.SAMBA.002> Test-ComputerSecureChannel -Verbose
VERBOSE: Performing the operation "Test-ComputerSecureChannel" on target "DESKTOP-FN048B9".
False
VERBOSE: The secure channel between the local computer and the domain samba.example is broken.

I then apply the samba update to the AD machine, from proposed:

ubuntu@f-smb-ad:~$ apt-cache policy samba
samba:
  Installed: 2:4.15.13+dfsg-0ubuntu0.20.04.4
  Candidate: 2:4.15.13+dfsg-0ubuntu0.20.04.4
  Version table:
 *** 2:4.15.13+dfsg-0ubuntu0.20.04.4 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.15.13+dfsg-0ubuntu0.20.04.3 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

And the secure channel test succeeds:
PS C:\Users\focal.SAMBA.002> Test-ComputerSecureChannel -Verbose
VERBOSE: Performing the operation "Test-ComputerSecureChannel" on target "DESKTOP-FN048B9".
True
VERBOSE: The secure channel between the local computer and the domain samba.example is in good condition.

b) remote desktop

Trying to connect yields this error:
[17:08:55:427] [565043:565043] [WARN][com.freerdp.crypto] - The VerifyChangedCertificate callback is deprecated, migrate your application to VerifyChangedCertx
[17:09:13:519] [565043:565043] [WARN][com.freerdp.core.nla] - SPNEGO received NTSTATUS: STATUS_TRUSTED_RELATIONSHIP_FAILURE [0xC000018D] from server
[17:09:13:519] [565043:565043] [ERROR][com.freerdp.core.nla] - SPNEGO failed with NTSTATUS: STATUS_TRUSTED_RELATIONSHIP_FAILURE [0xC000018D]
[17:09:13:519] [565043:565043] [ERROR][com.freerdp.core] - nla_recv_pdu:freerdp_set_last_error_ex ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
[17:09:13:519] [565043:565043] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail

Then apply the update to the version in proposed:
ubuntu@f-smb-ad:~$ apt-cache policy samba
samba:
  Installed: 2:4.15.13+dfsg-0ubuntu0.20.04.4
  Candidate: 2:4.15.13+dfsg-0ubuntu0.20.04.4
  Version table:
 *** 2:4.15.13+dfsg-0ubuntu0.20.04.4 500
        500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.15.13+dfsg-0ubuntu0.20.04.3 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

And the remote desktop connection this time works without issues.

c) As an additional test, it turns out that a simple smbclient command would also fail with an error about trust relationship, before applying the update:

ubuntu@f-smb-ad:~$ smbclient -L 192.168.100.190 -U focal
Password for [SAMBA\focal]:
session setup failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

After the update, it works:
ubuntu@f-smb-ad:~$ smbclient -L 192.168.100.190 -U focal
Password for [SAMBA\focal]:

        Sharename Type Comment
        --------- ---- -------
        ADMIN$ Disk Remote Admin
        C$ Disk Default share
        Documents Disk
        IPC$ IPC Remote IPC
        Users Disk
SMB1 disabled -- no workgroup available

Focal verification succeeded.