The Samba-Bugzilla – Bug 11008
Authentication fails when netbios/hostname is longer than MAX_NETBIOSNAME_LEN-1
Last modified: 2015-11-24 15:24:55 UTC
This is possibly a regression of bug 10896; caused by the patch to bug 10920.
If the "netbios name" option is not set in smb.conf (and the hostname is longer than 15 characters) or the "netbios name" option is > MAX_NETBIOSNAME_LEN-1 (15 + 1), then authentication fails when accessing shares because "is_myname("LONG-NETBIOS-NAME-HERE")" returns 0 when it should return 1.
Expected results: Default NETBIOS name is truncated or if set testparm should complain
Actual Results: Authentication fails when accessing protected shares
Build Date & Hardware:
It is only exhibited in 4.1.14. Reproduced on binaries provided by Arch Linux x64.
Workaround is simple, set "netbios name" to a string less than or equal to 15 chars.
This bug/regression was first reported on the Arch Linux forums: https://bbs.archlinux.org/viewtopic.php?pid=1484511#p1484511 and https://bugs.archlinux.org/index.php?do=details&action=details.addvote&task_id=43015
Some log level 10 snippets I took are below:
4.1.13 SAM account auth snippet (Good): https://gist.github.com/prydom/b18b7776e1e6f7cf2aac
4.1.14 SAM account auth snippet (Bad): https://gist.github.com/prydom/105e8a162e946e699e52
both versions smb.conf (testparam returns fine): https://gist.github.com/prydom/5953225edc9c5e7d1230
Created attachment 10616 [details]
Created attachment 10617 [details]
Re-assigning to Karolin for inclusion in 4.2.0, 4.1.next.
Pushed to autobuild-v4-[1|2]-test.
(In reply to Karolin Seeger from comment #4)
Pushed to v4-1-test and v4-2-test.
Closing out bug report.
Why does 'testparam' not flag this issue, isnt that exactly the kind of thing it is supposed to do?
This bug is present in Samba 4.1.6, not only 4.14. log.nmbd reports the problem at debug level 3. The error appears because the name string for a domain master is <domainname><padding to 15 chars><1B> = 16 chars. I cannot see any user work-around for that.
I don't think this is the same bug, although one of the symptoms (name_too_long) is the same.
I have raised bug 11618 because I believe that my comments 7 and 8 do not relate to bug 11008