Pocket PC 2003 on iPAQ cannot connect to samba shares unless the following option is used: use spnego = No However, this breaks smbclient (with or without "client use spnego = no" option) and Windows XP workstations trying to browse the samba server (cannot browse). Relevent logging information that led me to try disabling spnego: ------------- [2004/09/26 00:21:43, 3] smbd/process.c:process_smb(1092) Transaction 1 of length 51 [2004/09/26 00:21:43, 3] smbd/process.c:switch_message(887) switch message SMBnegprot (pid 17789) conn 0x0 [2004/09/26 00:21:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/09/26 00:21:43, 3] smbd/negprot.c:reply_negprot(457) Requested protocol [NT LM 0.12] [2004/09/26 00:21:43, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2004/09/26 00:21:43, 3] smbd/negprot.c:reply_negprot(545) Selected protocol NT LM 0.12 [2004/09/26 00:21:43, 3] smbd/process.c:timeout_processing(1332) timeout_processing: End of file from client (client has disconnected). [2004/09/26 00:21:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/09/26 00:21:43, 2] smbd/server.c:exit_server(571) Closing connections [2004/09/26 00:21:43, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2004/09/26 00:21:43, 3] smbd/server.c:exit_server(614) Server exit (normal exit) ------------- I suspect the iPAQ client is being mistakenly detected as being SPNEGO capable/compliant, when it is not. *Brandon Darbro
I've now confirmed this bug exists also in Samba 3.0.7, so I'm updating the bug report. *Brandon Darbro
This problem will affect many new iPAQ devices, upping priority & severity.
*** Bug 2174 has been marked as a duplicate of this bug. ***
Created attachment 1010 [details] Output of tcpdump when attempting to connect to samba share I saw a note somewhere that a tcpdump would be useful to help with this bug. Windows Mobile 2003, Samba 3.0.4 on Slackware 10. This is the output when trying to open \\server\software share from pocket PC using file explorer. Pocket PC produces error "Cannot find the file '\\' (or one of its components). Make sure the path and filename are correct and all required libraries are available." HTH
Thanks for coming back on that. However, you better create a sniff with tcpdump -i eth0 -n -s 1500 -w /tmp/sniff.cap and attach /tmp/sniff.cap. stdout of tcpdump is only of quite limited value. Thanks, Volker
Created attachment 1011 [details] Sniff.cap with 3.0.10 from Slackware 10.1 I've had the same problems, and attached a cap file (just like you requested) ... I added "host ipaq" which captured only packets from my IPaq Rx3115, Windows Mobile PC 2003 Second Edition. Also, I must note I've updated the ROM to the newest version from last Friday (Mar 4 2005). I also downloaded 3.0.11 and recompiled which will be my next attachment. Also, the "client use spnego = no" was not set in my config file, although I have tried and it has failed in the past.
Created attachment 1012 [details] sniff.cap with 3.0.11 & Slackware 10.1 Capture with Samba 3.0.11 compiled from scratch.
(In reply to comment #7) > Created an attachment (id=1012) [edit] > sniff.cap with 3.0.11 & Slackware 10.1 > > Capture with Samba 3.0.11 compiled from scratch. Actually, looking at the tcpdump myself, looks like my pda is sending out udp nbt broadcasts, three times, and nothing responds.
Created attachment 1385 [details] tcpdumps between { pocketpc , samba , win2k } I'm uploading as binary files tcpdumps of connection attempys between these 3 devices: 192.168.100.101 Windows 2000 pc 192.168.100.102 Dell Axim X30 running Windows Mobile 2003 Second Editon (PocketPC) 192.168.100.10 samba (3.0.9-1.3E.3) on a Centos 3.5 box (Asterisk@Home) with spnego set to both yes and no. pocketpc_to_smb_spnego_yes.cap (failure) pocketpc_to_smb_spnego_no.cap (success) pocketpc_to_win2k.cap (success) win2k_to_smb_spnego_no.cap (success) win2k_to_smb_spnego_yes.cap (success)
Created attachment 1503 [details] Proposed patch I think this should fix the PocketPC problems with SPNEGO. Please try this out and get back to me. Jeremy.
*** Bug 3133 has been marked as a duplicate of this bug. ***
(In reply to comment #10) > Created an attachment (id=1503) [edit] > Proposed patch > > I think this should fix the PocketPC problems with SPNEGO. Please try this out > and get back to me. > Jeremy. I tried with the patch applied to 3.0.20, no go. I tried again with 3.0.20a and nothing ... toggled spnego on or off, unable to connect to my samba share.
Can you send me an ethereal trace of your ppc failing, with both spnego on and off please. It's getting to the point you should think about just sending me one of the damn things :-). Jeremy.
You do know the patch should be applied to 3.0.20a also (and 3.0.20b when it ships).... It won't be in a production release until 3.0.21. Jeremy.
Created attachment 1508 [details] Proposed patch Get us closer to W2K3 - if no SPNEGO the keylen is zero. Jeremy.
(In reply to comment #15) > Created an attachment (id=1508) [edit] > Proposed patch > > Get us closer to W2K3 - if no SPNEGO the keylen is zero. > Jeremy. > Hmm still nothing. Know what's odd? A tcpdump doesn't show any traffic at all. The Ipaq will show "connecting to server" and the little busy circle thing. Then I see "the network path was not found" and tcpdump *then* shows some -- NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST packets to .255 ... and that's it. Nothing. I was almost contimplating shipping you my ipaq temporarily. Almost. Whereabouts do you live? (Feel free to answer in priv email). Or, let me know if you're on the samba irc channel. Thought maybe I was blocking nbt broadcasts or something, but that doesn't appear to be the case...
The PocketPC may be caching something about the server. Is there a way you can do a full reset, or look in the registry for any cached parameters w.r.t. a remote server ? I'm pretty sure we should work now, it's almost impossible to tell our SMBnegprot reply from a Windows 2003 one. Jeremy.
Created attachment 1509 [details] Ethereal trace of Pocket PC 2003 accessing the patched Samba server This ethereal trace is of a Pocket PC 2003 device repeatedly accessing a Samba server with the above patches applied. After the correct password is entered on the PPC, it responds as though the wrong password were entered, and re-asks, then when the password is entered again, it responds with "Cannot find the file '\\' (or one of it's components)." This cycle keeps repeating on successive attemps to access the Samba server.
Ok, trace gives me *really* good news. What is happening is that the PPC is accepting our negprot reply, and then going on to do a NTLMSSP SPNEGO sessionsetup. Unfortunately the current released version of Samba doesn't support the NTLMv2 session setup that the pocket pc is sending. The error it's returning is an "INVALID PARAMETER" error which is generated from the old NTLMSSP authentication engine. The good news is that the code that's currently in SVN - which will become Samba 3.0.21 has been rewritten and the Samba4 NTLMSSP engine has been integrated into the Samba3 code. What this really means is that this may just work against the 3.0.21 pre-release code (in SVN) as-is, with no more changes. I will email you a tarball of the current 3.0.21 source code - build the rpm as you would the 3.0.20(a or b) rpm. I'll also test this once I have the PPC myself. Jeremy.
Created attachment 1511 [details] Log of 3.0.21 Samba being accessed by Pocket PC 2003 This is the log.smbd of the Samba server being accessed by a Pocket PC 2003 device (multiple tries).
Created attachment 1512 [details] Proposed patch PocketPC sends 2 unicode strings instead of ascii. Cope with this. Jeremy.
Created attachment 1513 [details] Log of Samba server after above patch applied Same behavior on PPC end, different behavior in log.
Created attachment 1514 [details] Proposed patch Ok, looks like we shouldn't be parsing the strings at all. Try this patch on top of the last one - this removes that code. Jeremy.
This is fixed now.