Bug 2860 - smbd crashes after samba server with security=ads is being browsed from windows 2000 client
smbd crashes after samba server with security=ads is being browsed from windo...
Status: RESOLVED INVALID
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.14a
x86 Linux
: P3 major
: none
Assigned To: Gerald (Jerry) Carter
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-07 06:10 UTC by Erik Sørnes
Modified: 2005-07-08 05:57 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Sørnes 2005-07-07 06:10:28 UTC
Suse Enterprise server 9 (server name = migrating) with 
heimdal 0.6.1rc3 -55.15
samba 3.0.14a, have also been tried with samba 3.0.9-2.6 with identical result.
windows 2003 native mode domain.
Starting smbd, then starting winbindd, OK.
Browsing server from windows 2000, sp4 client with start-run-  \\migrating.
smbd then crashes on server with:

wct=12 flg2=0xc807
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
Doing spnego session setup
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[]
Got OID 1 2 840 48018 1 2 2
Got OID 1 2 840 113554 1 2 2
Got OID 1 3 6 1 4 1 311 2 2 10
Got secblob of size 1431
secrets_named_mutex: got mutex for replay cache mutex
ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Message
size is incompatible with encryption type
ads_secrets_verify_ticket: enc type [5] failed to decrypt with error Decrypt
integrity check failed
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt
integrity check failed
ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Decrypt
integrity check failed
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Decrypt
integrity check failed
secrets_named_mutex: released mutex for replay cache mutex
ads_verify_ticket: krb5_rd_req with auth failed (Success)
Failed to verify incoming ticket!
error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=65279
smb_uid=0
smb_mid=128
smt_wct=0
smb_bcc=0
write_socket(25,39)
write_socket(25,39) wrote 39
read_socket_data: recv of 4 returned 0. Error = Success
receive_smb_raw: length < 0!
timeout_processing: End of file from client (client has disconnected).
Closing cache file
namecache_shutdown: netbios namecache closed successfully.
tallocs left:
global talloc allocations in pid: 8234
name                                       chunks    bytes
---------------------------------------- -------- --------
end_description                                 1      158
pdb_context internal allocation context         5     1513
passdb internal SAM_ACCOUNT allocation          8      402
---------------------------------------- -------- --------
TOTAL                                          14     2073

setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
change_to_root_user: now uid=(0,0) gid=(0,0)
Closing connections
Yielding connection to
receive_local_message: doing select with timeout of 1 ms
Server exit (normal exit)



smb.conf: 

[global]

        # fra morpheus 2005-07-07
        smb ports = 139 445
        security = ADS
        server signing = disabled
        winbind cache time = 10
        netbios name = migrating
        password server = tynes.pas.ahus.no mariholtet.pas.ahus.no
        encrypt passwords = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind separator = +
        realm = PAS.AHUS.NO
        log level = 5
        winbind use default domain = yes
        template shell = /bin/bash
        template homedir = /home/%U
        workgroup = SIAPAS
        # name resolve order = wins bcast
        printer admin = root @printadmin
        default devmode = yes

        # fra cypher 2005-07-07
        server string = test printserver for siapas
        browseable = yes
        lock directory = /var/lock/samba
        load printers = yes
        printcap name = cups
        printing = cups
        log file = /var/log/samba/%m.log
        max log size = 50
        # smb passwd file = /etc/samba/smbpasswd
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = no
        wins server = 10.225.3.6 10.225.3.7
        guest ok = yes
        username map = /etc/samba/smbusers
        guest account = pcguest
        dns proxy = no


#============================ Share Definitions ==============================

[sysfiles$]
        comment = Upload for system filer
        path = /usr/local/storage
        browseable = yes
        guest ok = yes
        writeable = yes

krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = PAS.AHUS.NO
 dns_lookup_kdc = true

[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

 PAS.AHUS.NO = {
  kdc = TYNES.PAS.AHUS.NO:88
  admin_server = TYNES.PAS.AHUS.NO:749
  default_domain = PAS.AHUS.NO
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
 pas.ahus.no = PAS.AHUS.NO
 .pas.ahus.no = PAS.AHUS.NO
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
Comment 1 Gerald (Jerry) Carter 2005-07-07 06:57:36 UTC
There's no crash here.  Just a logon failure when the 
ticket fails to decrypt.
Comment 2 Erik Sørnes 2005-07-08 04:09:06 UTC
Sorry about this.
This bug-report is false.
We reinstalled the server and everything was OK.
Sorry about the inconvenience.

I changed the status to INVALID (This is correct procedure, yes?)

regards
-Erik
Comment 3 Gerald (Jerry) Carter 2005-07-08 05:57:11 UTC
Yup.  That's fine.  Thanks for the update.