Bug 14772 - netr_LogonSamLogon(NetlogonNetworkInformation) fails against a real NT4 sp6a DC
Summary: netr_LogonSamLogon(NetlogonNetworkInformation) fails against a real NT4 sp6a DC
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.15.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-30 14:38 UTC by Stefan Metzmacher
Modified: 2021-08-03 11:11 UTC (History)
3 users (show)

See Also:


Attachments
Backport to 4.9 (5.62 KB, patch)
2021-08-02 15:11 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2021-07-30 14:38:46 UTC
With a real NT4 DC we have a netr_LogonSamLogon(NetlogonNetworkInformation) exchange, where the account_name from the server is NULL
(and acct_flags is 0) (see below).

But the important part is the account_name, in netsamlogoncache_entry
we filled it with the account name given by the client, which is done
by netsamlogon_cache_store().

Before Samba 4.8 netsamlogon_cache_store() operated on the info3 structure
which was also propagated to the caller and 'smbd' in the end.

In Samba 4.8 we changed the code so that netsamlogon_cache_store() only
operates on a temporary info3 structure, while passing the unmodified
version to the caller and smbd. So auth_winbind in smbd gets an
empty account name and is not able to call getpwnam() for the user
and returns NT_STATUS_LOGON_FAILURE.

In order to work at all against an NT4 DC I used this:

        workgroup = NT4DOM193
        security = domain
        require strong key = no
        client use spnego = no
        client ipc signing = auto
        client min protocol = NT1

Here are the detailed logs from log.wb-NT4DOM193:

       netr_LogonSamLogon: struct netr_LogonSamLogon
          in: struct netr_LogonSamLogon
              server_name              : *
                  server_name              : '\\NT4PDC-193'
              computer_name            : *
                  computer_name            : 'UB1404-162'
              credential               : *
                  credential: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 7cf236782442563a
                      timestamp                : Fr Jul 30 16:24:51 2021 CEST
              return_authenticator     : *
                  return_authenticator: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 0000000000000000
                      timestamp                : (time_t)0
              logon_level              : NetlogonNetworkInformation (2)
              logon                    : *
                  logon                    : union netr_LogonLevel(case 2)
                  network                  : *
                      network: struct netr_NetworkInfo
                          identity_info: struct netr_IdentityInfo
                              domain_name: struct lsa_String
                                  length                   : 0x0012 (18)
                                  size                     : 0x0012 (18)
                                  string                   : *
                                      string                   : 'NT4DOM193'
                              parameter_control        : 0x00000820 (2080)
                                     0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
                                     0: MSV1_0_UPDATE_LOGON_STATISTICS
                                     0: MSV1_0_RETURN_USER_PARAMETERS
                                     0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
                                     1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
                                     0: MSV1_0_RETURN_PASSWORD_EXPIRY
                                     0: MSV1_0_USE_CLIENT_CHALLENGE
                                     0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
                                     0: MSV1_0_RETURN_PROFILE_PATH
                                     0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
                                     1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
                                     0: MSV1_0_DISABLE_PERSONAL_FALLBACK
                                     0: MSV1_0_ALLOW_FORCE_GUEST 
                                     0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
                                     0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
                                     0: MSV1_0_ALLOW_MSVCHAPV2   
                                     0: MSV1_0_S4U2SELF          
                                     0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
                                     0: MSV1_0_SUBAUTHENTICATION_DLL_EX
                              logon_id                 : 0xa622d656ed710ec6 (11971366428343340742)
                              account_name: struct lsa_String
                                  length                   : 0x001a (26)
                                  size                     : 0x001a (26)
                                  string                   : *
                                      string                   : 'administrator'
                              workstation: struct lsa_String
                                  length                   : 0x0018 (24)
                                  size                     : 0x0018 (24)
                                  string                   : *
                                      string                   : '\\UB1404-162'
                          challenge                : 690797588756cd0c
                          nt: struct netr_ChallengeResponse
                              length                   : 0x00f8 (248)
                              size                     : 0x00f8 (248)
                              data                     : *
                                  data: ARRAY(248)
  [0000] 52 81 65 5F 1C 9F DF 67   4B 66 70 B9 1D AE 70 67   R.e_...g Kfp...pg
  [0010] 01 01 00 00 00 00 00 00   FA 12 99 A7 4E 85 D7 01   ........ ....N...
  [0020] C2 14 CE EC 92 87 BD C1   00 00 00 00 02 00 12 00   ........ ........
  [0030] 4E 00 54 00 34 00 44 00   4F 00 4D 00 31 00 39 00   N.T.4.D. O.M.1.9.
  [0040] 33 00 01 00 14 00 55 00   42 00 31 00 34 00 30 00   3.....U. B.1.4.0.
  [0050] 34 00 2D 00 31 00 36 00   32 00 04 00 02 00 00 00   4.-.1.6. 2.......
  [0060] 03 00 14 00 75 00 62 00   31 00 34 00 30 00 34 00   ....u.b. 1.4.0.4.
  [0070] 2D 00 31 00 36 00 32 00   07 00 08 00 FA 12 99 A7   -.1.6.2. ........
  [0080] 4E 85 D7 01 06 00 04 00   02 00 00 00 08 00 30 00   N....... ......0.
  [0090] 30 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   0....... ........
  [00A0] 22 98 CD 8A 29 AD D2 4D   97 0E 5D 16 50 65 64 27   "...)..M ..].Ped'
  [00B0] EA 88 48 80 82 8F 06 BD   EC C6 81 C8 9F E1 72 26   ..H..... ......r&
  [00C0] 0A 00 10 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
  [00D0] 00 00 00 00 09 00 1C 00   63 00 69 00 66 00 73 00   ........ c.i.f.s.
  [00E0] 2F 00 31 00 32 00 37 00   2E 00 30 00 2E 00 30 00   /.1.2.7. ..0...0.
  [00F0] 2E 00 31 00 00 00 00 00                             ..1..... 
                          lm: struct netr_ChallengeResponse
                              length                   : 0x0018 (24)
                              size                     : 0x0018 (24)
                              data                     : *
                                  data                     : 000000000000000000000000000000000000000000000000
              validation_level         : 0x0003 (3)

       netr_LogonSamLogon: struct netr_LogonSamLogon
          out: struct netr_LogonSamLogon
              return_authenticator     : *
                  return_authenticator: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 1de97d9c2e9f6e4e
                      timestamp                : (time_t)0
              validation               : *
                  validation               : union netr_Validation(case 3)
                  sam3                     : *
                      sam3: struct netr_SamInfo3
                          base: struct netr_SamBaseInfo
                              logon_time               : Fr Jul 30 15:26:11 2021 CEST
                              logoff_time              : Do Sep 14 03:48:05 30828 CET
                              kickoff_time             : Do Sep 14 03:48:05 30828 CET
                              last_password_change     : Sa Nov  6 17:03:21 2010 CET
                              allow_password_change    : Sa Nov  6 17:03:21 2010 CET
                              force_password_change    : Do Sep 14 03:48:05 30828 CET
                              account_name: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              full_name: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              logon_script: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              profile_path: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              home_directory: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              home_drive: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              logon_count              : 0x0017 (23)
                              bad_password_count       : 0x0000 (0)
                              rid                      : 0x000001f4 (500)
                              primary_gid              : 0x00000201 (513)
                              groups: struct samr_RidWithAttributeArray
                                  count                    : 0x00000002 (2)
                                  rids                     : *
                                      rids: ARRAY(2)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000201 (513)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY       
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED         
                                                     0: SE_GROUP_OWNER           
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_INTEGRITY       
                                                     0: SE_GROUP_INTEGRITY_ENABLED
                                                     0: SE_GROUP_RESOURCE        
                                                  0x00: SE_GROUP_LOGON_ID         (0)
                                          rids: struct samr_RidWithAttribute
                                              rid                      : 0x00000200 (512)
                                              attributes               : 0x00000007 (7)
                                                     1: SE_GROUP_MANDATORY       
                                                     1: SE_GROUP_ENABLED_BY_DEFAULT
                                                     1: SE_GROUP_ENABLED         
                                                     0: SE_GROUP_OWNER           
                                                     0: SE_GROUP_USE_FOR_DENY_ONLY
                                                     0: SE_GROUP_INTEGRITY       
                                                     0: SE_GROUP_INTEGRITY_ENABLED
                                                     0: SE_GROUP_RESOURCE        
                                                  0x00: SE_GROUP_LOGON_ID         (0)
                              user_flags               : 0x00000120 (288)
                                     0: NETLOGON_GUEST           
                                     0: NETLOGON_NOENCRYPTION    
                                     0: NETLOGON_CACHED_ACCOUNT  
                                     0: NETLOGON_USED_LM_PASSWORD
                                     1: NETLOGON_EXTRA_SIDS      
                                     0: NETLOGON_SUBAUTH_SESSION_KEY
                                     0: NETLOGON_SERVER_TRUST_ACCOUNT
                                     1: NETLOGON_NTLMV2_ENABLED  
                                     0: NETLOGON_RESOURCE_GROUPS 
                                     0: NETLOGON_PROFILE_PATH_RETURNED
                                     0: NETLOGON_GRACE_LOGON     
                              key: struct netr_UserSessionKey
                                  key: ARRAY(16): <REDACTED SECRET VALUES>
                              logon_server: struct lsa_StringLarge
                                  length                   : 0x0014 (20)
                                  size                     : 0x0016 (22)
                                  string                   : *
                                      string                   : 'NT4PDC-193'
                              logon_domain: struct lsa_StringLarge
                                  length                   : 0x0012 (18)
                                  size                     : 0x0014 (20)
                                  string                   : *
                                      string                   : 'NT4DOM193'
                              domain_sid               : *
                                  domain_sid               : S-1-5-21-357788813-580721598-483988704
                              LMSessKey: struct netr_LMSessionKey
                                  key: ARRAY(8): <REDACTED SECRET VALUES>
                              acct_flags               : 0x00000000 (0)
                                     0: ACB_DISABLED             
                                     0: ACB_HOMDIRREQ            
                                     0: ACB_PWNOTREQ             
                                     0: ACB_TEMPDUP              
                                     0: ACB_NORMAL               
                                     0: ACB_MNS                  
                                     0: ACB_DOMTRUST             
                                     0: ACB_WSTRUST              
                                     0: ACB_SVRTRUST             
                                     0: ACB_PWNOEXP              
                                     0: ACB_AUTOLOCK             
                                     0: ACB_ENC_TXT_PWD_ALLOWED  
                                     0: ACB_SMARTCARD_REQUIRED   
                                     0: ACB_TRUSTED_FOR_DELEGATION
                                     0: ACB_NOT_DELEGATED        
                                     0: ACB_USE_DES_KEY_ONLY     
                                     0: ACB_DONT_REQUIRE_PREAUTH 
                                     0: ACB_PW_EXPIRED           
                                     0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                                     0: ACB_NO_AUTH_DATA_REQD    
                                     0: ACB_PARTIAL_SECRETS_ACCOUNT
                                     0: ACB_USE_AES_KEYS         
                              sub_auth_status          : 0x00000000 (0)
                              last_successful_logon    : NTTIME(0)
                              last_failed_logon        : NTTIME(0)
                              failed_logon_count       : 0x00000000 (0)
                              reserved                 : 0x00000000 (0)
                          sidcount                 : 0x00000000 (0)
                          sids                     : NULL
              authoritative            : *
                  authoritative            : 0x01 (1)
              result                   : NT_STATUS_OK

       &r: struct netsamlogoncache_entry
          timestamp                : Fr Jul 30 16:18:35 2021 CEST
          info3: struct netr_SamInfo3
              base: struct netr_SamBaseInfo
                  logon_time               : Fr Jul 30 15:26:11 2021 CEST
                  logoff_time              : Do Sep 14 03:48:05 30828 CET
                  kickoff_time             : Do Sep 14 03:48:05 30828 CET
                  last_password_change     : Sa Nov  6 17:03:21 2010 CET
                  allow_password_change    : Sa Nov  6 17:03:21 2010 CET
                  force_password_change    : Do Sep 14 03:48:05 30828 CET
                  account_name: struct lsa_String
                      length                   : 0x001a (26)
                      size                     : 0x001a (26)
                      string                   : *
                          string                   : 'administrator'
                  full_name: struct lsa_String
                      length                   : 0x0000 (0)
                      size                     : 0x0000 (0)
                      string                   : NULL
                  logon_script: struct lsa_String
                      length                   : 0x0000 (0)
                      size                     : 0x0000 (0)
                      string                   : NULL
                  profile_path: struct lsa_String
                      length                   : 0x0000 (0)
                      size                     : 0x0000 (0)
                      string                   : NULL
                  home_directory: struct lsa_String
                      length                   : 0x0000 (0)
                      size                     : 0x0000 (0)
                      string                   : NULL
                  home_drive: struct lsa_String
                      length                   : 0x0000 (0)
                      size                     : 0x0000 (0)
                      string                   : NULL
                  logon_count              : 0x0017 (23)
                  bad_password_count       : 0x0000 (0)
                  rid                      : 0x000001f4 (500)
                  primary_gid              : 0x00000201 (513)
                  groups: struct samr_RidWithAttributeArray
                      count                    : 0x00000002 (2)
                      rids                     : *
                          rids: ARRAY(2)
                              rids: struct samr_RidWithAttribute
                                  rid                      : 0x00000201 (513)
                                  attributes               : 0x00000007 (7)
                                         1: SE_GROUP_MANDATORY       
                                         1: SE_GROUP_ENABLED_BY_DEFAULT
                                         1: SE_GROUP_ENABLED         
                                         0: SE_GROUP_OWNER           
                                         0: SE_GROUP_USE_FOR_DENY_ONLY
                                         0: SE_GROUP_INTEGRITY       
                                         0: SE_GROUP_INTEGRITY_ENABLED
                                         0: SE_GROUP_RESOURCE        
                                      0x00: SE_GROUP_LOGON_ID         (0)
                              rids: struct samr_RidWithAttribute
                                  rid                      : 0x00000200 (512)
                                  attributes               : 0x00000007 (7)
                                         1: SE_GROUP_MANDATORY       
                                         1: SE_GROUP_ENABLED_BY_DEFAULT
                                         1: SE_GROUP_ENABLED         
                                         0: SE_GROUP_OWNER           
                                         0: SE_GROUP_USE_FOR_DENY_ONLY
                                         0: SE_GROUP_INTEGRITY       
                                         0: SE_GROUP_INTEGRITY_ENABLED
                                         0: SE_GROUP_RESOURCE        
                                      0x00: SE_GROUP_LOGON_ID         (0)
                  user_flags               : 0x00000120 (288)
                         0: NETLOGON_GUEST           
                         0: NETLOGON_NOENCRYPTION    
                         0: NETLOGON_CACHED_ACCOUNT  
                         0: NETLOGON_USED_LM_PASSWORD
                         1: NETLOGON_EXTRA_SIDS      
                         0: NETLOGON_SUBAUTH_SESSION_KEY
                         0: NETLOGON_SERVER_TRUST_ACCOUNT
                         1: NETLOGON_NTLMV2_ENABLED  
                         0: NETLOGON_RESOURCE_GROUPS 
                         0: NETLOGON_PROFILE_PATH_RETURNED
                         0: NETLOGON_GRACE_LOGON     
                  key: struct netr_UserSessionKey
                      key: ARRAY(16): <REDACTED SECRET VALUES>
                  logon_server: struct lsa_StringLarge
                      length                   : 0x0014 (20)
                      size                     : 0x0016 (22)
                      string                   : *
                          string                   : 'NT4PDC-193'
                  logon_domain: struct lsa_StringLarge
                      length                   : 0x0012 (18)
                      size                     : 0x0014 (20)
                      string                   : *
                          string                   : 'NT4DOM193'
                  domain_sid               : *
                      domain_sid               : S-1-5-21-357788813-580721598-483988704
                  LMSessKey: struct netr_LMSessionKey
                      key: ARRAY(8): <REDACTED SECRET VALUES>
                  acct_flags               : 0x00000000 (0)
                         0: ACB_DISABLED             
                         0: ACB_HOMDIRREQ            
                         0: ACB_PWNOTREQ             
                         0: ACB_TEMPDUP              
                         0: ACB_NORMAL               
                         0: ACB_MNS                  
                         0: ACB_DOMTRUST             
                         0: ACB_WSTRUST              
                         0: ACB_SVRTRUST             
                         0: ACB_PWNOEXP              
                         0: ACB_AUTOLOCK             
                         0: ACB_ENC_TXT_PWD_ALLOWED  
                         0: ACB_SMARTCARD_REQUIRED   
                         0: ACB_TRUSTED_FOR_DELEGATION
                         0: ACB_NOT_DELEGATED        
                         0: ACB_USE_DES_KEY_ONLY     
                         0: ACB_DONT_REQUIRE_PREAUTH 
                         0: ACB_PW_EXPIRED           
                         0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
                         0: ACB_NO_AUTH_DATA_REQD    
                         0: ACB_PARTIAL_SECRETS_ACCOUNT
                         0: ACB_USE_AES_KEYS         
                  sub_auth_status          : 0x00000000 (0)
                  last_successful_logon    : NTTIME(0)
                  last_failed_logon        : NTTIME(0)
                  failed_logon_count       : 0x00000000 (0)
                  reserved                 : 0x00000000 (0)
              sidcount                 : 0x00000000 (0)
              sids                     : NULL
Comment 1 Stefan Metzmacher 2021-08-02 15:11:47 UTC
Created attachment 16707 [details]
Backport to 4.9
Comment 2 Samba QA Contact 2021-08-03 11:11:03 UTC
This bug was referenced in samba master:

93bac5f12240597e1e92291de70a7000a403baca