On Thu, 2016-04-14 at 18:07 +0200, Jelle de Jong wrote: > I used the following commands to downgrade my packages and it > resolved > the security regression as workaround. > > # problem > net rpc group -S localhost -U Administrator%<secret> > Could not connect to server localhost > Connection failed: NT_STATUS_ACCESS_DENIED > > # workaround > aptitude install samba=2:3.6.6-6+deb7u7 > aptitude install samba-common-bin=2:3.6.6-6+deb7u7 > aptitude install samba-doc=2:3.6.6-6+deb7u7 > > # check versions: > dpkg -l libnss-winbind libpam-winbind libwbclient0 samba samba-common > samba-common-bin samba-doc smbclient winbind
This has been reported upstream, the workaround for NT_STATUS_ACCESS_DENIED errors as a client is to set 'client ipc signing = no'. This NEWS file was missed in the release, and covers this situation. https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?h=wheezy&id =0c40b90790187f2028a87cc8ae5f9c77f8394e32 We do realise the irony that the 3.6 package can't talk to itself out of the box, and it appears that an additional capability may be back -ported to the 3.6 series as a regression by some of my fellow team members also supported this version for other distos. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
