Ubuntu

Can't change password in samba from a windows client if samba runs on ipv6 only interface.

Asked by Michael Alzheimer

Hi,

during upgrading our whole system to ipv6, latest samba AD ( 3 DCs ) Version 4.6.8 and windows 10 clients i noticed the problem, that users are unable to change their password in the AD Domain from a Windows Client.

The samba DCs run on a ipv6 address (interfaces = 2a00:xxx:xxx::9; bind interfaces only = Yes). So does the Clients.
It is compiled by ourself in a custom sbuild environment. We took the 4.6.7 artful debian package and build a backport for 4.6.8 with xenial. (and of course the dependency packages: cmocka, talloc, tdb, tevent, ldb)

During password change the windows clients always says that the domain is currently unavailable.

After digging into it i found the problem in the krb5_samba.c file, Line150 and 183. The Part with "#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)" is not compiled. It pointed out that HAVE_IPV6 is set, but KRB5_ADDRESS_INET6 seems not to be set during compile time.

Our - i guess dirty - solution was, to add a patch "99_xx.diff" (see below):
With this patch we were able to build the 4.6.8 Samba on xenial as ubuntu package, and the clients are able to change their password now. - So, everything works now as expected.

I'm currently not sure if that is a "real" ubuntu or samba bug, or if it only affects us because of the custom build environment / artful to xenial backport.

Maybe someone who is familiar with the samba project / code can have short look for it.

This is the patch, that fixed it for us:

Index: samba-4.6.8/lib/krb5_wrap/krb5_samba.c
===================================================================
--- samba-4.6.8.orig/lib/krb5_wrap/krb5_samba.c
+++ samba-4.6.8/lib/krb5_wrap/krb5_samba.c
@@ -150,7 +150,7 @@ bool smb_krb5_sockaddr_to_kaddr(struct s
                                krb5_address *pkaddr)
 {
        memset(pkaddr, '\0', sizeof(krb5_address));
-#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)
+#if defined(HAVE_IPV6)
        if (paddr->ss_family == AF_INET6) {
                pkaddr->addr_type = KRB5_ADDRESS_INET6;
                pkaddr->address.length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);
@@ -183,7 +183,7 @@ bool smb_krb5_sockaddr_to_kaddr(struct s
                                krb5_address *pkaddr)
 {
        memset(pkaddr, '\0', sizeof(krb5_address));
-#if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6)
+#if defined(HAVE_IPV6)
        if (paddr->ss_family == AF_INET6) {
                pkaddr->addrtype = ADDRTYPE_INET6;
                pkaddr->length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

I suggest that you create a bug report with this information.

Can you help with this problem?

Provide an answer of your own, or ask Michael Alzheimer for more information if necessary.

To post a message you must log in.