Bug 11008 - Authentication fails when netbios/hostname is longer than MAX_NETBIOSNAME_LEN-1
Summary: Authentication fails when netbios/hostname is longer than MAX_NETBIOSNAME_LEN-1
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.1.14
Hardware: x64 Linux
: P5 regression (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 10896 10920
Blocks:
  Show dependency treegraph
 
Reported: 2014-12-15 01:31 UTC by Jordan Pryde
Modified: 2015-11-24 15:24 UTC (History)
3 users (show)

See Also:


Attachments
v4-2-test patch (1.07 KB, patch)
2015-01-13 17:14 UTC, Andreas Schneider
jra: review+
Details
v4-1-test patch (1.07 KB, patch)
2015-01-13 17:15 UTC, Andreas Schneider
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jordan Pryde 2014-12-15 01:31:36 UTC
This is possibly a regression of bug 10896; caused by the patch to bug 10920.

If the "netbios name" option is not set in smb.conf (and the hostname is longer than 15 characters) or the "netbios name" option is > MAX_NETBIOSNAME_LEN-1 (15 + 1), then authentication fails when accessing shares because "is_myname("LONG-NETBIOS-NAME-HERE")" returns 0 when it should return 1.

Expected results: Default NETBIOS name is truncated or if set testparm should complain

Actual Results: Authentication fails when accessing protected shares

Build Date & Hardware:
It is only exhibited in 4.1.14. Reproduced on binaries provided by Arch Linux x64.

Workaround is simple, set "netbios name" to a string less than or equal to 15 chars.

This bug/regression was first reported on the Arch Linux forums: https://bbs.archlinux.org/viewtopic.php?pid=1484511#p1484511 and https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=43015

Some log level 10 snippets I took are below:

4.1.13 SAM account auth snippet (Good): https://gist.github.com/prydom/b18b7776e1e6f7cf2aac
4.1.14 SAM account auth snippet (Bad): https://gist.github.com/prydom/105e8a162e946e699e52

both versions smb.conf (testparam returns fine): https://gist.github.com/prydom/5953225edc9c5e7d1230
Comment 1 Andreas Schneider 2015-01-13 17:14:51 UTC
Created attachment 10616 [details]
v4-2-test patch
Comment 2 Andreas Schneider 2015-01-13 17:15:37 UTC
Created attachment 10617 [details]
v4-1-test patch
Comment 3 Jeremy Allison 2015-01-13 18:37:13 UTC
Re-assigning to Karolin for inclusion in 4.2.0, 4.1.next.
Comment 4 Karolin Seeger 2015-01-14 20:29:08 UTC
Pushed to autobuild-v4-[1|2]-test.
Comment 5 Karolin Seeger 2015-01-16 20:06:35 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to v4-1-test and v4-2-test.
Closing out bug report.

Thanks!
Comment 6 Jeff Byers 2015-01-27 19:21:30 UTC
Why does 'testparam' not flag this issue, isnt that exactly the kind of thing it is supposed to do?
Comment 7 fthynne 2015-11-20 17:48:56 UTC
This bug is present in Samba 4.1.6, not only 4.14. log.nmbd reports the problem at debug level 3. The error appears because the name string for a domain master is <domainname><padding to 15 chars><1B> = 16 chars. I cannot see any user work-around for that.
Comment 8 fthynne 2015-11-23 17:01:38 UTC
I don't think this is the same bug, although one of the symptoms (name_too_long) is the same.
Comment 9 fthynne 2015-11-24 15:24:55 UTC
I have raised bug 11618 because I believe that my comments 7 and 8 do not relate to bug 11008