Bug 1273 - internal error occurs while domain users try to access file servers
Summary: internal error occurs while domain users try to access file servers
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.1
Hardware: All Linux
: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
Depends on:
Reported: 2004-04-18 07:39 UTC by Shun Ikuta
Modified: 2005-08-24 10:25 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Shun Ikuta 2004-04-18 07:39:42 UTC
Hello experts,

I have installed Samba3.0.1 for "Account Domain" and 
openLDAP2.2.6 for backend database for user 
accounts. I have also prepared Windows2000 Server 
for "Resource Domain controller" to register machine 
accounts for a file server and a client machine.
There is WINS service which is prepared in this 
Windows2000 Server.

The problem I have is that domain users are not able to 
access file server machine. 

I will try to describe the Samba+LDAP environment below.

== Operation System(OS) and installed software description ===

Machine No 1. 
 Vendor: Hewlett Packard Evo 500US
 OS: Redhat Linux 9
 Software: Samba3.0.1
 Use: Samba PDC Account Domain

Machine No 2. 
 Vendor: Sun Microsystems Enterprise 420R
 OS: Solaris 8
 Software: OpenLDAP2.2.6
 Use: account, machine and trusted/trusting domain
      directory server

Machine No 3.
 OS: Windows 2000 Server
 Use: Resource Domain Controller

Machine No 4. 
 OS: Windows 2000 Server
 Use: Resource Domain Controller & WINS Server

Machine No 5.
 OS: Windows 2000 Server
 Use: File Server

Machine No 6.
 OS: Windows 2000 Pro
 Use: Domain logon client machine

== Windows Domain Model description =====

 1. The model is "Single Master Domain Model"
 2. "Resource Domain" trusts "Account Domain" 
    (Established a trust relationship)
 3. Machine accounts for both file server(Machine No 5) 
    and client(Machine No 6) are registered in "Resource 
 4. A "Domain User" is registered in "Account Domain".

== Other information ====================

 1. Domain users are able to Log on to "Account Domain" 
    without any trouble.
 2. The value of "WINS server" for all the machines are 
    set to Machine No 4 including smb.conf for Samba.

== Problem description =================

The problem which I have with above environment is that an error 
occurs when domain users try to access file server machine.
Following is the procedure for reproducing the problem.

 Step 1. Log on a "Domain User" to "Account Domain" using 
         the client machine(Machine No 6)
 Step 2. Open "Explorer". Go to "My Network Places" -> 
         "Entire Network" -> "Microsoft Windows Network" ->
         "Resource Domain".
 Step 3. You will see the file server machine icon(Machine 
         No 5). Double click the icon to browse its shared 
         directories and files.
 Stop 4. Problem occurs! Unable to access the file server
         (Machine No 5) and an error dialog pops up. The
         message of the error dialog was 
         "Unable to access machine No 5.
          Windows 2000 Internal Error has Occurred" ???

The problem occurs irregularly which makes it difficult to 
determine the cause of the problem. Once the problems occured
and if I wait for a while(5 min. or so) WITHOUT doing any 
change to it, and try after 5min, the problem is gone and
the domain user is able to access the file server by
double clicking the icon.

== Log ==============

smb log for Resource Domain Controller
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
      0194 status      : NT_STATUS_OK
[YYYY/MM/DD 09:10:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
  api_rpcTNP: called NETLOGON successfully
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe.c:api_rpcTNP(1560)
  api_rpcTNP: rpc input buffer underflow (parse error?)
[YYYY/MM/DD 09:10:14, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
  0172 : 00 00 8a e3 13 71 02 f4 36 71 02 40 28 00 44 06 0e 00 60 cb 60 0d
[YYYY/MM/DD 09:10:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4906
[YYYY/MM/DD 09:10:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(880)
  write_to_pipe: data_used = 432
[YYYY/MM/DD 09:10:14, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=7778 nwritten=448

smb log for Resource Domain Controller
[YYYY/MM/DD 09:10:13, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password
  secrets_fetch failed!
[YYYY/MM/DD 09:10:13, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0
[YYYY/MM/DD 09:10:13, 10] lib/gencache.c:gencache_get(286)
  Cache entry with key = TDOM/Account_Domain couldn't be found
[YYYY/MM/DD 09:10:13, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172)
  no entry for trusted domain Account_Domain found.
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for Domain_User (Domain_User)
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(142)
  making strings for Domain_User's user_info struct
[YYYY/MM/DD 09:10:13, 5] auth/auth_util.c:make_user_info(184)
  making blobs for Domain_User's user_info struct

=== Questions ===========
 Q1) It there any possibility of a relationship between the log 
     above and the problem I described.
 Q2) Is there any reported bugs which seem to be related with the 
     problem above ? Is there any possible bug causing problem
     to access file server just like the description above ?
 Q3) I guess my bug report is not so reproducible and specific.
     Is there anything I can do to provide more valuable information 
     to make this problem more specific and accurate ?
 Q4) What do these error messages mean and how does it occur ?
     Error message 1 - api_rpcTNP: rpc input buffer underflow 
                       (parse error?)
     Error message 2 - secrets_fetch failed!
     Error message 3 - no entry for trusted domain Account_Domain found.

Any advice or comment will be appreciated.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-05 07:43:58 UTC
please retest 3.0.11 and reopen if necessary.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:25:18 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.