Bug 2438 - net rpc trustdom establish still does not work
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: net utility
Version: 3.0.11
Hardware: All Windows NT
Importance: P3 major
Target Milestone: none
Assignee: Jim McDonough
QA Contact: Samba QA Contact
Reported: 2005-03-10 07:22 UTC by Wolfgang Ratzka
Modified: 2005-08-24 10:16 UTC

Attachments
level 10 debug log (44.16 KB, text/plain)
2005-03-11 01:07 UTC, Wolfgang Ratzka
Proposed patch (2.93 KB, patch)
2005-03-12 11:47 UTC, Volker Lendecke

Description Wolfgang Ratzka 2005-03-10 07:22:00 UTC
After applying the patch for Bug #2379 I get a different error message from
net rpc trustdom establish:

vhrz61:~# net rpc trustdom establish HRZ -d3
[2005/03/10 14:04:38, 3] param/loadparm.c:lp_load(3911)
  lp_load: refreshing parameters
[2005/03/10 14:04:38, 3] param/loadparm.c:init_globals(1326)
  Initialising global parameters
[2005/03/10 14:04:38, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2005/03/10 14:04:38, 3] param/loadparm.c:do_section(3413)
  Processing section "[global]"
[2005/03/10 14:04:38, 1] param/loadparm.c:lp_do_parameter(3154)
  WARNING: The "min passwd length" option is deprecated
[2005/03/10 14:04:38, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.3.31 bcast=255.255.255.255 nmask=0.0.0.0
Password:********

[2005/03/10 14:04:58, 3] libsmb/cliconnect.c:cli_start_connection(1397)
  Connecting to host=NTRZ04
[2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 445
[2005/03/10 14:04:58, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 137.248.3.45:445 (Connection refused)
[2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 139
[2005/03/10 14:04:58, 1] libsmb/cliconnect.c:cli_full_connection(1485)
  failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT
Could not connect to server NTRZ04
[2005/03/10 14:04:58, 3] libsmb/cliconnect.c:cli_start_connection(1397)
  Connecting to host=NTRZ04
[2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 445
[2005/03/10 14:04:58, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 137.248.3.45:445 (Connection refused)
[2005/03/10 14:04:58, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 139
[2005/03/10 14:04:58, 0] rpc_parse/parse_prs.c:prs_mem_get(537)
  prs_mem_get: reading data of size 4 would overrun buffer.
[2005/03/10 14:04:58, 0] utils/net_rpc.c:rpc_trustdom_establish(4566)
  WksQueryInfo call failed.
[2005/03/10 14:04:58, 2] utils/net.c:main(897)
  return code = -1
vhrz61:~#
Comment 1 Wolfgang Ratzka 2005-03-10 07:28:21 UTC
I should add that I have been using 3.0.11 with the #2379 patch applied
and 3.0.12pre1 and got the same results.

The domain to be trusted runs on NT 4.0.
Comment 2 Volker Lendecke 2005-03-11 00:32:07 UTC
Could you send a complete sniff of that attempt?

tcpdump -i eth0 -n -s 1500 -w /tmp/sniff.cap

Thanks,

Volker
Comment 3 Wolfgang Ratzka 2005-03-11 01:07:02 UTC
Created attachment 1025
level 10 debug log
Comment 4 Wolfgang Ratzka 2005-03-11 01:15:40 UTC
The samba installation is running on a linux vserver (I probably should have said
so in the first place) so tcpdumping is not so easy. I'll give it a try.
Comment 5 Volker Lendecke 2005-03-11 01:26:46 UTC
You can always use ethereal on the target DC.

Volker
Comment 6 Volker Lendecke 2005-03-12 11:47:17 UTC
Created attachment 1028
Proposed patch

According to the sniff you sent to me in private, you might have a problem with
restrictanonymous. The attached patch avoids the wks_query_info call. If the
patch does not work for you, could you please send another sniff? We might have
to connect using an authenticated user.

Volker
Comment 7 Wolfgang Ratzka 2005-03-14 05:40:47 UTC
It now says:

Could not connect to server NTRZ04
Trust to domain HRZ established

or more verbosely

# net rpc trustdom establish HRZ -d3
[2005/03/14 12:53:27, 3] param/loadparm.c:lp_load(3911)
  lp_load: refreshing parameters
[2005/03/14 12:53:27, 3] param/loadparm.c:init_globals(1326)
  Initialising global parameters
[2005/03/14 12:53:27, 3] param/params.c:pm_process(573)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2005/03/14 12:53:27, 3] param/loadparm.c:do_section(3413)
  Processing section "[global]"
[2005/03/14 12:53:27, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.3.31 bcast=255.255.255.255 nmask=0.0.0.0
Password:
[2005/03/14 12:53:35, 3] libsmb/cliconnect.c:cli_start_connection(1397)
  Connecting to host=NTRZ04
[2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 445
[2005/03/14 12:53:35, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 137.248.3.45:445 (Connection refused)
[2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 139
[2005/03/14 12:53:35, 1] libsmb/cliconnect.c:cli_full_connection(1485)
  failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT
Could not connect to server NTRZ04
[2005/03/14 12:53:35, 3] libsmb/cliconnect.c:cli_start_connection(1397)
  Connecting to host=NTRZ04
[2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 445
[2005/03/14 12:53:35, 2] lib/util_sock.c:open_socket_out(789)
  error connecting to 137.248.3.45:445 (Connection refused)
[2005/03/14 12:53:35, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 137.248.3.45 at port 139
[2005/03/14 12:53:35, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
  lsa_io_sec_qos: length c does not match size 8
Trust to domain HRZ established
[2005/03/14 12:53:35, 2] utils/net.c:main(897)
  return code = 0
#

After restarting winbind, "net usersidlist" gives me a list of account entries
in the trusted domain(s).
Comment 8 Jim McDonough 2005-03-14 06:11:29 UTC
Seems now we're just displaying a failure message when that failure is
completely normal (the NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT is expected).
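
Added example, not part of the bug thread or of Samba's code: a small triage of `net rpc trustdom establish -d3` output that treats the status comment 8 calls expected as noise and takes the verdict from the return code and the "Trust to domain ... established" line. The sample strings are abridged from the logs on this page; `triage` and its result keys are names chosen for this example.

```python
import re

# Debug header, e.g. "[2005/03/14 12:53:35, 1] libsmb/cliconnect.c:cli_full_connection(1485)"
HEADER = re.compile(r"^\[[^,\]]+,\s*(\d+)\]\s+(\S+)$")
EXPECTED = "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT"  # expected per comment 8

def triage(text):
    """Split -d3 output into expected noise and real errors, and derive a verdict."""
    result = {"expected": [], "errors": [], "return_code": None, "established": False}
    level = where = None
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m:  # header line: remember debug level and source location
            level, where = int(m.group(1)), m.group(2)
            continue
        msg = line.strip()
        if line.startswith("  ") and where:  # indented message of the last header
            rc = re.match(r"return code = (-?\d+)$", msg)
            if rc:
                result["return_code"] = int(rc.group(1))
            elif EXPECTED in msg:
                result["expected"].append(where)
            elif level == 0:  # level 0 is Samba's most severe debug class
                result["errors"].append(f"{where}: {msg}")
        else:  # plain tool output such as "Could not connect to server ..."
            where = None
            if re.match(r"Trust to domain \S+ established$", msg):
                result["established"] = True
    result["ok"] = result["established"] and result["return_code"] == 0
    return result

# Constructed input, abridged from the logs in the description and in comment 7.
BEFORE = """\
[2005/03/10 14:04:58, 1] libsmb/cliconnect.c:cli_full_connection(1485)
  failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT
[2005/03/10 14:04:58, 0] utils/net_rpc.c:rpc_trustdom_establish(4566)
  WksQueryInfo call failed.
[2005/03/10 14:04:58, 2] utils/net.c:main(897)
  return code = -1
"""
AFTER = """\
[2005/03/14 12:53:35, 1] libsmb/cliconnect.c:cli_full_connection(1485)
  failed session setup with NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT
Could not connect to server NTRZ04
Trust to domain HRZ established
[2005/03/14 12:53:35, 2] utils/net.c:main(897)
  return code = 0
"""

print(triage(BEFORE)["errors"], triage(AFTER)["ok"])
```

Both runs log the expected status at level 1; only the pre-patch run has a level 0 entry and a non-zero return code.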
Comment 9 Volker Lendecke 2005-03-20 04:52:47 UTC
Checked in with Revision 5910. I left the error message in place, this needs more work. As the functionality problem is fixed, I'm closing this bug.

Volker
Comment 10 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:16:37 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.