The fix is already included in Samba versions 4.13.15 and 4.14.11, so I'm opening this issue to be sure that the next TrueNAS release will include one of these versions and not stay on 4.13.14.
It would be nice if this upgrade was released soon, because currently people using Kerberos authentication in an MIT realm, e.g., FreeIPA, have to stay on a Samba version vulnerable to CVE-2020-25717.
Thanks a lot!
To help discoverability when searching for this issue, here is the related error in /var/log/samba4/log.smdb:
[2021/12/17 09:06:13.789613, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
Registered MSG_REQ_POOL_USAGE
[2021/12/17 09:06:13.803657, 2] ../../auth/kerberos/gssapi_pac.c:169(gssapi_obtain_pac_blob)
obtaining PAC via GSSAPI gss_inquire_sec_context_by_oid (Heimdal OID) failed: Miscellaneous failure (see text): Ticket have not authorization data of type 128
Since 12.0-U6.1 Samba authentication fails when using Kerberos in an MIT realm.
Upstream bug report: https://bugzilla.samba.org/show_bug.cgi?id=14922
Upstream fix: https://gitlab.com/samba-team/samba/-/commit/1e61de8306604a0d3858342df8a1d2412d8d418b
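An added example, not part of the original report or of Samba: a small Python parser for the debug-log records quoted above that flags the PAC failure. The function names are hypothetical, the sample text is the two records from the report, and the parser also accepts records that have been run together on one line.

```python
import re

# Header of a Samba debug record: "[timestamp, level] source:line(function)"
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)"
)
# Message text taken from the report above
PAC_ERROR = "Ticket have not authorization data of type 128"

# The two records quoted in the report
SAMPLE = """\
[2021/12/17 09:06:13.789613, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2021/12/17 09:06:13.803657, 2] ../../auth/kerberos/gssapi_pac.c:169(gssapi_obtain_pac_blob)
  obtaining PAC via GSSAPI gss_inquire_sec_context_by_oid (Heimdal OID) failed: Miscellaneous failure (see text): Ticket have not authorization data of type 128
"""


def parse_records(text):
    """Split log text into records: header fields plus the message that follows."""
    matches = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(matches):
        # The message runs from the end of this header to the next header.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        msg = " ".join(text[m.end():end].split())
        records.append({**m.groupdict(), "msg": msg})
    return records


def find_pac_failures(text):
    """Return the records in which gssapi_obtain_pac_blob reports the missing PAC."""
    return [
        r for r in parse_records(text)
        if r["func"] == "gssapi_obtain_pac_blob" and PAC_ERROR in r["msg"]
    ]


if __name__ == "__main__":
    for r in find_pac_failures(SAMPLE):
        print(f"{r['ts']} level={r['level']} {r['src']}:{r['line']} PAC lookup failed")
```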