Bug 12004 - Samba Client sends NT_STATUS_CONNECTION_DISCONNECTED error
Summary: Samba Client sends NT_STATUS_CONNECTION_DISCONNECTED error
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.1.19
Hardware: x64 Windows 2012
Importance: P1 critical
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-01 15:44 UTC by anirudhajitani
Modified: 2017-06-03 05:57 UTC

Attachments
SMB Conf File (9.35 KB, text/plain)
2016-07-01 15:44 UTC, anirudhajitani
This is the working scenario where file is fetched (6.30 KB, text/plain)
2016-07-01 15:46 UTC, anirudhajitani
This is the error case (5.20 KB, text/plain)
2016-07-01 15:46 UTC, anirudhajitani

Description anirudhajitani 2016-07-01 15:44:31 UTC
Created attachment 12248
SMB Conf File

I have 2 Windows servers. Both Windows versions are win2k12. My client is Montavista 64 bit Linux. I get an NT_STATUS_CONNECTION_DISCONNECTED error with only one server, for one or 2 files and sometimes even during browsing (ls), using smbclient with the Kerberos authentication method; however, the rest of the files are fetched properly. The error is not seen during NTLM authentication or on an unsigned connection. I have attached both the working and non-working scenario logs. The only difference that I found between the two logs was that there was an error in one of them:

samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fdee6b29a10] mpx_fde[(nil)] fd[9] - disabling

I have also attached the smb.conf file.
Comment 1 anirudhajitani 2016-07-01 15:46:20 UTC
Created attachment 12249
This is the working scenario where file is fetched
Comment 2 anirudhajitani 2016-07-01 15:46:41 UTC
Created attachment 12250
This is the error case
Comment 3 Amit Kumar 2017-06-03 05:57:56 UTC
Queries:
 1. Have you tried other clients (RHEL, Suse, CentOS etc)?
 2. These logs are few. Have you taken packet captures to see what message the server sends while disconnecting?

This is the problem diagram:
// No error seen on NTLM auth. Issues only with Kerberos authentication.
[Win2012-1(smbServer)]  [Montavista-64Bit-Linux]  [Win2012-2(samba-server)]
    |                      smbclient-4.19                 |
    |                            |                        |
    |                            |                        |
    |       // Browsing Win2012-1.  No issues             |
        Got KRB5 session key of length 32
        cli_init_creds: user administrator@phone1.local domain PHONE1.LOCAL
        session setup ok

        // Browsing Win2012-2.  Issues
        Got KRB5 session key of length 32
        samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fdee6b29a10] mpx_fde[(nil)] fd[9] - disabling
        SPNEGO login failed: NT_STATUS_CONNECTION_DISCONNECTED
           
Digging into the code:
The session key is assigned by the server in the Session Setup Response message.

/* Excerpt: where the "Got KRB5 session key" line is logged (rest of the function omitted). */
bool smb_krb5_get_smb_session_key(){
    DEBUG(10, ("Got KRB5 session key of length %d\n",(int)KRB5_KEY_LENGTH(skey)));
}
/* Excerpt: removing an fd from the epoll set (abridged). */
epoll_del_event(struct epoll_event_context *epoll_ev, struct tevent_fd *fde){
    ret = epoll_ctl(epoll_ev->epoll_fd, EPOLL_CTL_DEL, fde->fd, &event);
    if (ret != 0 && errno == ENOENT) {
        /* branch body omitted in this excerpt */
    } else if (ret != 0 && errno == EBADF) {        // EBADF: bad file descriptor (POSIX.1)
        tevent_debug(epoll_ev->ev, TEVENT_DEBUG_WARNING,
                     "EPOLL_CTL_DEL EBADF for "
                     "fde[%p] mpx_fde[%p] fd[%d] - disabling\n",
                     fde, mpx_fde, fde->fd);
    }
}
In what cases does epoll_ctl return EBADF? http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/libc-epoll-ctl-1.html
The parameter epfd or the parameter fd is an invalid file descriptor.
This means epoll_ev->epoll_fd is invalid or Windows has closed the connection.

Suggested Action Plan:
1. Are there any access policies on Windows 2012 which are restricting the connection?
2. What is the difference in access policies on both Windows machines? Why does the issue happen with only 1 machine?
3. Install a fresh Windows Server 2012 without restricted access and try connecting; also see Wireshark (if it fails).
4. Try connecting to your montavista-linux with win2008 (or some other variant).
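
Added example (not part of the bug report, its comments, or Samba's source): a small Linux C program that reproduces the two errno branches in the epoll_del_event excerpt above and shows which descriptor state produces each. The names del_errno and fd_state are hypothetical, and a local socketpair stands in for the SMB TCP connection.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names for this example; the socketpair stands in for the SMB TCP connection. */
enum fd_state { PEER_CLOSED, NOT_REGISTERED, LOCAL_CLOSED };

/* Returns 0 if EPOLL_CTL_DEL succeeded, otherwise the errno it set (-1 on setup failure). */
int del_errno(enum fd_state state)
{
    int sv[2], result = -1;
    struct epoll_event ev = { .events = EPOLLIN };
    int epfd = epoll_create1(0);

    if (epfd < 0)
        return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        close(epfd);
        return -1;
    }
    if (state != NOT_REGISTERED &&
        epoll_ctl(epfd, EPOLL_CTL_ADD, sv[0], &ev) != 0)
        goto out;

    if (state == PEER_CLOSED) {
        close(sv[1]);       /* remote end hangs up; the local fd stays open */
        sv[1] = -1;
    } else if (state == LOCAL_CLOSED) {
        close(sv[0]);       /* local fd closed before it is removed from the epoll set */
    }
    result = epoll_ctl(epfd, EPOLL_CTL_DEL, sv[0], &ev) == 0 ? 0 : errno;
out:
    if (state != LOCAL_CLOSED || result < 0)
        close(sv[0]);
    if (sv[1] >= 0)
        close(sv[1]);
    close(epfd);
    return result;
}

int main(void)
{
    printf("peer closed: %d\n", del_errno(PEER_CLOSED));
    printf("never registered: %d (ENOENT=%d)\n", del_errno(NOT_REGISTERED), ENOENT);
    printf("closed locally: %d (EBADF=%d)\n", del_errno(LOCAL_CLOSED), EBADF);
    return 0;
}
```

When triaging the warning in the failing log, the third case is the one that matches: the descriptor number passed to EPOLL_CTL_DEL was no longer open in the client process at the time of the call.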