samba-dc package misses dependency on libcrypt.so.1
Package Information
- Package name: samba-dc
- Package version: samba-dc-4.19.4-r1
- Alpine version: "edge" - 3.18.4
- Alpine architecture: aarch64
Summary
Windows machines fail to change machine account password. They report Windows errors 3224 and 5719. Samba prints error message for : "setup_primary_userPassword: generation of a CryptSHA256 password hash failed: (No error information)" This problem introduce multiple side-effects like failures of GPO, breaking domain join, etc. Looking into Samba Source code I found that it use crypt and crypt_r functions from libcrypt shared library which is included into gcompat package.
Steps to reproduce
-
install samba-dc package
-
deploy Active Directory domain
-
add following lines to smb.conf and restart samba service:
log level = 1 auth_audit:3 auth_json_audit:3
password hash userPassword schemes = CryptSHA256 CryptSHA512
-
join Windows 10/11 machine to domain
-
adjust Domain member: Maximum machine account password age parameter on Windows machine to 1 day (HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters Value = MaximumPasswordAge REG_DWORD = 1)
-
wait for 24 hours and watch on Windows Events (Log=System Log; Source=NETLOGON). You will find event 3224. Check log.samba and log.smbd at time of recording 3224 event. You should find log record with message: "setup_primary_userPassword: generation of a CryptSHA256 password hash failed: (No error information)"
-
install gcompat package and restart samba service
-
continue watching on windows event log. Windows will continue trying to change machine account password. You should see an event 5823 which confirms password change.
There are 2 more related issues which fixed already: