Bug 10574 - Authentication with umlaut characters in username fails over NTLMv2
Summary: Authentication with umlaut characters in username fails over NTLMv2
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.1.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-29 08:12 UTC by Deepesh
Modified: 2016-07-05 14:20 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Deepesh 2014-04-29 08:12:41 UTC
The SAM logon flow for a user with umlaut characters in the username fails with NT_STATUS_WRONG_PASSWORD even though the proper password is supplied. I had observed this scenario working fine with Samba version 3.6.9. But seems to be broken in 4.1.0 and above. This was tested in 4.1.0 and 4.1.3. 

This happens when the smb.conf is configured to use ntlmv2 auth. I have pasted part of the smb.conf file below. The winbindd pipe command used is WINBINDD_PAM_AUTH and the flags passed are WBFLAG_PAM_INFO3_TEXT|WBFLAG_PAM_USER_SESSION_KEY|WBFLAG_PAM_LMKEY. Also tested with a standalone samba client running on Ubuntu using wbinfo --ntlmv2 and observed similar behavior.

[global]
    workgroup = ASGTITAN
    realm = ASGTITAN.COM
    netbios name = TESTING
    security = ads
    client ldap sasl wrapping = sign
    client schannel = yes
    winbind use default domain = yes
    name resolve order = host bcast
    allow trusted domains = yes
    client ntlmv2 auth = yes
    kerberos method = dedicated keytab
    dedicated keytab file = /etc/5.keytab
    log level = 10
    debug timestamp = no
    machine password timeout = 0

It works with kerberos based authentication and also with samlogon when client ntlmv2 auth is no.

Here is a snippet of samba logs for this scenario.

=======================================================
process_request: Handling async request 25963:PAM_AUTH
[25963]: pam auth ASGTITAN\ακαδημαϊκός
child daemon request 13
child_process_request: request fn PAM_AUTH
[26464]: dual pam auth ASGTITAN\ακαδημαϊκός
winbindd_dual_pam_auth: domain: ASGTITAN last was online
winbindd_dual_pam_auth_samlogon
     netr_LogonSamLogonEx: struct netr_LogonSamLogonEx
        in: struct netr_LogonSamLogonEx
            server_name              : *
                server_name              : '\\parent1.asgtitan.com'
            computer_name            : *
                computer_name            : 'VASPHL0LHWKZL8'
            logon_level              : NetlogonNetworkInformation (2)
            logon                    : *
                logon                    : union netr_LogonLevel(case 2)
                network                  : *
                    network: struct netr_NetworkInfo
                        identity_info: struct netr_IdentityInfo
                            domain_name: struct lsa_String
                                length                   : 0x0010 (16)
                                size                     : 0x0010 (16)
                                string                   : *
                                    string                   : 'ASGTITAN'
                            parameter_control        : 0x00000000 (0)
                                   0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
                                   0: MSV1_0_UPDATE_LOGON_STATISTICS
                                   0: MSV1_0_RETURN_USER_PARAMETERS
                                   0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
                                   0: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
                                   0: MSV1_0_RETURN_PASSWORD_EXPIRY
                                   0: MSV1_0_USE_CLIENT_CHALLENGE
                                   0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
                                   0: MSV1_0_RETURN_PROFILE_PATH
                                   0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
                                   0: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
                                   0: MSV1_0_DISABLE_PERSONAL_FALLBACK
                                   0: MSV1_0_ALLOW_FORCE_GUEST 
                                   0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
                                   0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
                                   0: MSV1_0_ALLOW_MSVCHAPV2   
                                   0: MSV1_0_S4U2SELF          
                                   0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
                                   0: MSV1_0_SUBAUTHENTICATION_DLL_EX
                            logon_id_low             : 0x0000dead (57005)
                            logon_id_high            : 0x0000beef (48879)
                            account_name: struct lsa_String
                                length                   : 0x0016 (22)
                                size                     : 0x0016 (22)
                                string                   : *
                                    string                   : 'ακαδημαϊκός'
                            workstation: struct lsa_String
                                length                   : 0x0020 (32)
                                size                     : 0x0020 (32)
                                string                   : *
                                    string                   : '\\VASPHL0LHWKZL8'
                        challenge                : befec25d10905ebd
                        nt: struct netr_ChallengeResponse
                            length                   : 0x0064 (100)
                            size                     : 0x0064 (100)
                            data                     : *
                                data                     : f2134918dee81a70002f66388aa2dfba010100000000000000eff5ab6263cf01f62c2f3a73d99736000000000200100041005300470054004900540041004e0001001c00560041005300500048004c0030004c
00480057004b005a004c00380000000000
                        lm: struct netr_ChallengeResponse
                            length                   : 0x0018 (24)
                            size                     : 0x0018 (24)
                            data                     : *
                                data                     : df78e58801b1f07414bc33f8326d704d92d900527a8bb0c5
            validation_level         : 0x0006 (6)
            flags                    : *
                flags                    : 0x00000000 (0)
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0038 (56)
        call_id                  : 0x00000010 (16)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x000001bc (444)
            context_id               : 0x0000 (0)
            opnum                    : 0x0027 (39)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            _pad                     : DATA_BLOB length=0
            stub_and_verifier        : DATA_BLOB length=0
     &r: struct dcerpc_auth
        auth_type                : DCERPC_AUTH_TYPE_SCHANNEL (68)
        auth_level               : DCERPC_AUTH_LEVEL_PRIVACY (6)
        auth_pad_length          : 0x04 (4)
        auth_reserved            : 0x00 (0)
        auth_context_id          : 0x00000001 (1)
        credentials              : DATA_BLOB length=0
add_schannel_auth_footer: SCHANNEL seq_num=2
     &r: struct NL_AUTH_SHA2_SIGNATURE
        SignatureAlgorithm       : NL_SIGN_HMAC_SHA256 (0x13)
        SealAlgorithm            : NL_SEAL_AES128 (0x1A)
        Pad                      : 0xffff (65535)
        Flags                    : 0x0000 (0)
        SequenceNumber           : 4e628e233411e24c
        Checksum                 : 2bb367ec8adc4f816d8b8cd5103a98ac00000000000000000000000000000000
        Confounder               : 0000000000000000
rpc_api_pipe: host parent1.asgtitan.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=536, this_data=536, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 20
smb_signing_sign_pdu: sent SMB signature of
[0000] 74 12 F4 6E 5B BE F0 BA                            t..n[... 
smb_signing_md5: sequence number 21
smb_signing_check_pdu: seq 21: got good SMB signature of
[0000] B6 1A 70 81 C5 01 A2 0E                            ..p..... 
rpc_read_send: data_to_read: 104
     r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0078 (120)
        auth_length              : 0x0038 (56)
        call_id                  : 0x00000010 (16)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000014 (20)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            _pad                     : DATA_BLOB length=1
[0000] 00                                                . 
            stub_and_verifier        : DATA_BLOB length=96
[0000] 08 D0 1D 47 9C C4 8D 03   23 F7 4B 93 D6 65 A4 B3   ...G.... #.K..e..
[0010] 86 1B 2D B8 C8 56 65 51   8A 51 94 10 63 87 FE 6F   ..-..VeQ .Q..c..o
[0020] 44 06 0C 00 01 00 00 00   13 00 1A 00 FF FF 00 00   D....... ........
[0030] 30 18 BF CF 59 60 AD 2B   D9 8F F9 07 B2 F4 24 4C   0...Y`.+ ......$L
[0040] 18 D7 F8 21 F4 90 3C 30   00 00 00 00 00 00 00 00   ...!..<0 ........
[0050] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 05   ........ ........
Requested Privacy.
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
SCHANNEL auth
Got pdu len 120, data_len 20, ss_len 12
rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK
rpc_api_pipe: host parent1.asgtitan.com returned 20 bytes.
     netr_LogonSamLogonEx: struct netr_LogonSamLogonEx
        out: struct netr_LogonSamLogonEx
            validation               : *
                validation               : union netr_Validation(case 6)
                sam6                     : NULL
            authoritative            : *
                authoritative            : 0x01 (1)
            flags                    : *
                flags                    : 0x00000000 (0)
            result                   : NT_STATUS_WRONG_PASSWORD
winbindd_dual_pam_auth_samlogon failed: NT_STATUS_WRONG_PASSWORD
Plain-text authentication for user ASGTITAN\ακαδημαϊκός returned NT_STATUS_WRONG_PASSWORD (PAM: 4)
Finished processing child request 13
Writing 3496 bytes to parent
wb_request_done[25963:PAM_AUTH]: NT_STATUS_WRONG_PASSWORD
winbind_client_response_written[25963:PAM_AUTH]: delivered response to client
closing socket 23, client exited
=======================================================


Regards,
Deepesh