Bug 910306 - net-fs/samba: Windows Updates from 13th July 2023 break domain trust (fix inside)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo's SAMBA Team
Keywords: PATCH
Duplicates: 910335
Depends on: 910452
Reported: 2023-07-13 18:57 UTC by Felix Leimbach
Modified: 2023-10-11 00:12 UTC

Description Felix Leimbach 2023-07-13 18:57:59 UTC
A Windows update issued for all Windows server and desktop versions on July 13th breaks the secure channel connection and thus domain trust and thus logon via RDP, access to shares and other things.

The issue is diagnosed here and there is a patch:
https://bugzilla.samba.org/show_bug.cgi?id=15418

This is quite urgent as it breaks domains with a Samba PDC in all kinds of ways.

Reproducible: Always

Steps to Reproduce:
1. Install latest Windows updates in a domain with a Samba PDC
2. Watch everything break
3. Can confirm breakage by seeing false in this PowerShell command on a Windows client with the latest update: Test-ComputerSecureChannel -Verbose
Comment 1 Felix Leimbach 2023-07-13 19:28:40 UTC
I've applied the patch linked in the bug report to net-fs/samba-4.18.3 in my overlay and confirmed it fixes all issues.

I can log in via RDP again, access file shares and Test-ComputerSecureChannel returns True again.

From what I read, people are applying the patch successfully to Samba versions as old as 4.13.13, so we might want to issue updates for all our supported versions (i.e. 4.16+).
Comment 2 Felix Leimbach 2023-07-13 19:29:06 UTC
For reference this is the patch: https://cpaste.org/?df0494cac0063e2e#Cx69G684EBPQ71S6sAUVXSYburgV6gPyKHfPSbfmHZPJ
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-07-14 11:58:02 UTC
*** Bug 910335 has been marked as a duplicate of this bug. ***
Comment 4 Larry the Git Cow gentoo-dev 2023-07-16 10:32:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c580697941c0090848274bea073c0d3ef555032a

commit c580697941c0090848274bea073c0d3ef555032a
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2023-07-16 10:32:23 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2023-07-16 10:32:23 +0000

    net-fs/samba: add 4.18.4
    
    Bug: https://bugs.gentoo.org/910306
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: David Seifert <soap@gentoo.org>

 net-fs/samba/Manifest                              |   1 +
 ...4-bug-15418-windows-update-secure-channel.patch |  56 +++
 net-fs/samba/files/samba-4.18.4-pam.patch          |  29 ++
 net-fs/samba/samba-4.18.4.ebuild                   | 384 +++++++++++++++++++++
 4 files changed, 470 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2023-08-03 15:34:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d32095b165e0f127a89bbf6af1d99b0c7386cfa2

commit d32095b165e0f127a89bbf6af1d99b0c7386cfa2
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2023-08-03 15:33:46 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2023-08-03 15:33:46 +0000

    net-fs/samba: drop 4.16.8
    
    Bug: https://bugs.gentoo.org/910306
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: David Seifert <soap@gentoo.org>

 net-fs/samba/Manifest                              |   1 -
 .../files/samba-4.15.12-configure-clang16.patch    | 117 -------
 .../files/samba-4.15.9-libunwind-automagic.patch   | 118 -------
 .../samba/files/samba-4.16.1-netdb-defines.patch   |  25 --
 .../samba-4.16.2-fix-musl-without-innetgr.patch    |  25 --
 net-fs/samba/files/samba-4.4.0-pam.patch           |  29 --
 net-fs/samba/samba-4.16.8.ebuild                   | 387 ---------------------
 7 files changed, 702 deletions(-)