enterprise-support team mailing list archive

Thread
Date

[Bug 2116098] Re: Windows security hardening locks out schannel'ed netlogon dc calls

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <2116098@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2025 17:02:04 -0000
Reply-to: Bug 2116098 <2116098@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package samba - 2:4.21.4+dfsg-1ubuntu3.4

---------------
samba (2:4.21.4+dfsg-1ubuntu3.4) plucky; urgency=medium

  * Upcoming changes to Windows Server enforce security checks even on
    schannel secured NETLOGON connections causing winbind's netlogon dc
    discovery calls to fail. (LP: #2116098):
    - d/p/s3-winbindd-avoid-using-any-netlogon-call-to-get-a-d.patch: avoid
      using any netlogon call to get a dc name
    - d/p/s3-winbindd-Fix-internal-winbind-dsgetdcname-calls-w.patch: Fix
      internal winbind dsgetdcname calls w.r.t. domain name

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Mon, 21 Jul 2025 16:04:22
-0300

** Changed in: samba (Ubuntu Plucky)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2116098

Title:
  Windows security hardening locks out schannel'ed netlogon dc calls

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2116098/+subscriptions

References

[Bug 2116098] [NEW] Windows security hardening locks out schannel'ed netlogon dc calls
From: Andreas Hasenack, 2025-07-07