Bug 326 - Cannot mount from Windows 2003 AD Controller
Summary: Cannot mount from Windows 2003 AD Controller
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.0preX
Hardware: All All
Importance: P2 major
Target Milestone: 3.0.0rc3
Assignee: Gerald (Jerry) Carter (dead mail address)
Reported: 2003-08-19 14:38 UTC by Rob Thomas
Modified: 2005-11-14 09:35 UTC

Attachments
Logfiles created whilst not authenticating ADS into Samba (6.96 KB, application/gzip)
2003-08-30 20:57 UTC, Rob Thomas

Description Rob Thomas 2003-08-19 14:38:36 UTC
Windows 2003 AD Controller -- gladstonewireless.net aka QLD-80211B-GLD1.
Samba Server -- 3rc1, Kernel 2.4.20, gcc version 3.2.2 (Mandrake Linux 9.1
3.2.2-3mdk)

Samba server is happily a member of the domain, and I have a valid ticket:
[root@fserv source]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@GLADSTONEWIRELESS.NET

Valid starting     Expires            Service principal
08/19/03 20:05:42  08/20/03 06:05:42 
krbtgt/GLADSTONEWIRELESS.NET@GLADSTONEWIRELESS.NET
08/19/03 20:06:01  08/20/03 06:05:42  gw-server$@GLADSTONEWIRELESS.NET

[root@fserv sbin]# net ads testjoin
Join is OK
[root@fserv sbin]#

smb.conf is:
   workgroup = QLD-80211B-GLD1
   netbios name = filesrv
   realm = gw-server.gladstonewireless.net
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   encrypt passwords = yes
   client use spnego = no
   password server = gw-server
;   use spnego = no
   server string = Samba Server
   security = ads
   load printers = no
   guest account = nobody
   log level = 10
   log file = /usr/local/samba/var/log.%m
   max log size = 50
   passdb backend = tdbsam
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain master = no 
   preferred master = no
   dns proxy = no

smbd crashes when I try to attach, with this traceback:

#3  0x0818db5d in smb_panic (why=0x82391bd "internal error") at lib/util.c:1483
#4  0x0817e275 in fault_report (sig=11) at lib/fault.c:41
#5  0x401613b8 in __libc_sigaction () from /lib/i686/libc.so.6
#6  0x0809fc9f in reply_spnego_kerberos (conn=0x0, inbuf=0x4042a008 "",
    outbuf=0x4044b008 "", length=1476, bufsize=131072, secblob=0xbfffe98c)
    at smbd/sesssetup.c:167
#7  0x080a04ef in reply_spnego_negotiate (conn=0x0, inbuf=0x4042a008 "",
    outbuf=0x4044b008 "", length=1476, bufsize=131072, blob1=
      {data = 0x8378a98
"`\202\005\e\006\006+\006\001\005\005\002 \202\005\0170\202\005\v $0\"\006\t*\206H\202÷\022\001\002\002\006\t*\206H\206÷\022\001\002\002\006\n+\006\001\004\001\2027\002\002\n¢\202\004á\004\202\004Ý`\202\004Ù\006\t*\206H\206÷\022\001\002\002\001",
length = 1311, free = 0x818b7a0 <free_data_blob>}) at smbd/sesssetup.c:390
#8  0x080a0844 in reply_sesssetup_and_X_spnego (conn=0x0, inbuf=0x4042a008 "",
    outbuf=0x4044b008 "", length=1476, bufsize=131072) at smbd/sesssetup.c:505
#9  0x080a143c in reply_sesssetup_and_X (conn=0x0, inbuf=0x0,
    outbuf=0x4044b008 "", length=1476, bufsize=131072) at smbd/sesssetup.c:591
#10 0x080bb82d in switch_message (type=115, inbuf=0x4042a008 "",
    outbuf=0x4044b008 "", size=1476, bufsize=131072) at smbd/process.c:767
#11 0x080bb999 in construct_reply (inbuf=0x4042a008 "", outbuf=0x4044b008 "",
    size=1476, bufsize=131072) at smbd/process.c:797
#12 0x080bbb93 in process_smb (inbuf=0x4042a008 "", outbuf=0x4044b008 "")
    at smbd/process.c:897

And the relevant parts of the log are:

[2003/08/20 07:27:28, 3] smbd/process.c:switch_message(685)
  switch message SMBsesssetupX (pid 4455)
[2003/08/20 07:27:28, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/08/20 07:27:28, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2003/08/20 07:27:28, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2003/08/20 07:27:28, 5] smbd/uid.c:change_to_root_user(218)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_sesssetup_and_X(577)
  wct=12 flg2=0xc807
[2003/08/20 07:27:28, 2] smbd/sesssetup.c:setup_new_vc_session(533)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(474)
  Doing spnego session setup
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(498)
  NativeOS=[Windows Server 2003 3790] NativeLanMan=[]
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_spnego_negotiate(383)
  Got OID 1 2 840 48018 1 2 2
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_spnego_negotiate(383)
  Got OID 1 2 840 113554 1 2 2
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_spnego_negotiate(383)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/08/20 07:27:28, 3] smbd/sesssetup.c:reply_spnego_negotiate(386)
  Got secblob of size 1245
[2003/08/20 07:27:28, 10] passdb/secrets.c:secrets_named_mutex(697)
  secrets_named_mutex: got mutex for replay cache mutex
[2003/08/20 07:27:28, 10] libads/kerberos_verify.c:ads_verify_ticket(175)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/08/20 07:27:28, 10] libads/kerberos_verify.c:ads_verify_ticket(175)
  ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2003/08/20 07:27:28, 10] passdb/secrets.c:secrets_named_mutex_release(709)
  secrets_named_mutex: released mutex for replay cache mutex
[2003/08/20 07:27:28, 3] libads/kerberos_verify.c:ads_verify_ticket(182)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2003/08/20 07:27:28, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/08/20 07:27:28, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4455 (3.0.0rc1)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/08/20 07:27:28, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/08/20 07:27:28, 0] lib/util.c:smb_panic(1462)
  PANIC: internal error
[2003/08/20 07:27:28, 0] lib/util.c:smb_panic(1469)
  BACKTRACE: 14 stack frames:
   #0 ./smbd(smb_panic+0xf9) [0x818dac9]
   #1 ./smbd [0x817e275]
   #2 /lib/i686/libc.so.6 [0x401613b8]
   #3 ./smbd [0x809fc9f]
   #4 ./smbd [0x80a04ef]
   #5 ./smbd [0x80a0844]
   #6 ./smbd(reply_sesssetup_and_X+0xb0c) [0x80a143c]
   #7 ./smbd [0x80bb82d]
   #8 ./smbd [0x80bb999]
   #9 ./smbd(process_smb+0x83) [0x80bbb93]
   #10 ./smbd(smbd_process+0x19b) [0x80bc75b]
   #11 ./smbd(main+0x413) [0x81e64e3]
   #12 /lib/i686/libc.so.6(__libc_start_main+0xc7) [0x4014e7f7]
   #13 ./smbd(strcpy+0x31) [0x8076051]

The error on the windows box is 'The specified network name is no longer
available'.   You'll notice that it does seem to want to use spnego, even tho
the config says not to use it. If I turn off spnego in smb.conf, I get a
different error. This possibly should be in a different bug report, but I'm not
clued up enough on the new samba to make that call 8-)

Set the config option 'use spnego = no' and this happens:

I try to connect and I get (on the windows machine) 'The account is not
authorized to log in from this station'. No crash.  The logfile is as follows.

[2003/08/20 07:32:48, 10] smbd/negprot.c:get_challenge(40)
  get challenge: creating negprot_global_auth_context
[2003/08/20 07:32:48, 5] auth/auth.c:make_auth_context_subsystem(484)
  Making default auth method list for security=ADS
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend rhosts
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'rhosts'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend hostsequiv
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'hostsequiv'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend sam
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'sam'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend sam_ignoredomain
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'sam_ignoredomain'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend unix
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'unix'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend winbind
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'winbind'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend smbserver
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'smbserver'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend trustdomain
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'trustdomain'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend ntdomain
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'ntdomain'
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(45)
  Attempting to register auth backend guest
[2003/08/20 07:32:48, 5] auth/auth.c:smb_register_auth(57)
  Successfully added auth method 'guest'
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(370)
  load_auth_module: Attempting to find an auth method to match guest
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(395)
  load_auth_module: auth method guest has a valid init
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(370)
  load_auth_module: Attempting to find an auth method to match sam
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(395)
  load_auth_module: auth method sam has a valid init
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(370)
  load_auth_module: Attempting to find an auth method to match winbind:ntdomain
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(370)
  load_auth_module: Attempting to find an auth method to match ntdomain
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(395)
  load_auth_module: auth method ntdomain has a valid init
[2003/08/20 07:32:48, 5] auth/auth.c:load_auth_module(395)
  load_auth_module: auth method winbind has a valid init
[2003/08/20 07:32:48, 10] smbd/negprot.c:get_challenge(45)
  get challenge: getting challenge
[2003/08/20 07:32:48, 5] auth/auth.c:get_ntlm_challenge(93)
  auth_get_challenge: module guest did not want to specify a challenge
[2003/08/20 07:32:48, 5] auth/auth.c:get_ntlm_challenge(93)
  auth_get_challenge: module sam did not want to specify a challenge
[2003/08/20 07:32:48, 5] auth/auth.c:get_ntlm_challenge(93)
 auth_get_challenge: module winbind did not want to specify a challenge
[2003/08/20 07:32:48, 5] auth/auth.c:get_ntlm_challenge(132)
  auth_context challenge created by random
[2003/08/20 07:32:48, 5] auth/auth.c:get_ntlm_challenge(133)
  challenge is:
[2003/08/20 07:32:48, 5] lib/util.c:dump_data(1887)
  [000] 76 0C 54 11 12 15 ED 52                           v.T...íR
[2003/08/20 07:32:48, 3] smbd/negprot.c:reply_nt1(323)
  not using SPNEGO
[2003/08/20 07:32:48, 3] smbd/negprot.c:reply_negprot(532)
  Selected protocol NT LM 0.12
[2003/08/20 07:32:48, 5] smbd/negprot.c:reply_negprot(538)
  negprot index=5
[2003/08/20 07:32:48, 5] lib/util.c:show_msg(456)
[2003/08/20 07:32:48, 5] lib/util.c:show_msg(466)
  size=109
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
   smb_pid=65279
  smb_uid=0
  smb_mid=0
  smt_wct=17
  smb_vwv[ 0]=    5 (0x5)
  smb_vwv[ 1]=12803 (0x3203)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=36096 (0x8D00)
  smb_vwv[ 8]=   17 (0x11)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=  227 (0xE3)
  smb_vwv[11]=    0 (0x0)
  smb_vwv[12]=20288 (0x4F40)
  smb_vwv[13]=39279 (0x996F)
  smb_vwv[14]=50022 (0xC366)
  smb_vwv[15]=43009 (0xA801)
  smb_vwv[16]= 2301 (0x8FD)
  smb_bcc=40

[2003/08/20 07:32:48, 10] lib/util.c:dump_data(1887)
  [000] 76 0C 54 11 12 15 ED 52  51 00 4C 00 44 00 2D 00  v.T...íR Q.L.D.-.
  [010] 38 00 30 00 32 00 31 00  31 00 42 00 2D 00 47 00  8.0.2.1. 1.B.-.G.
  [020] 4C 00 44 00 31 00 00 00                           L.D.1...
[2003/08/20 07:32:48, 6] lib/util_sock.c:write_socket(407)
  write_socket(16,113)
[2003/08/20 07:32:48, 6] lib/util_sock.c:write_socket(410)
  write_socket(16,113) wrote 113
[2003/08/20 07:32:48, 10] lib/util_sock.c:read_socket_data(336)
  read_socket_data: recv of 4 returned 0. Error = Success
[2003/08/20 07:32:48, 10] lib/util_sock.c:receive_smb(512)
  receive_smb: length < 0!
[2003/08/20 07:32:48, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).
[2003/08/20 07:32:48, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2003/08/20 07:32:48, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2003/08/20 07:32:48, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/08/20 07:32:48, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2003/08/20 07:32:48, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2003/08/20 07:32:48, 5] smbd/uid.c:change_to_root_user(218)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2003/08/20 07:32:48, 2] smbd/server.c:exit_server(558)
  Closing connections
[2003/08/20 07:32:48, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2003/08/20 07:32:48, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does not exist.
[2003/08/20 07:32:48, 5] smbd/oplock.c:receive_local_message(107)
  receive_local_message: doing select with timeout of 1 ms
[2003/08/20 07:32:48, 3] smbd/server.c:exit_server(601)
  Server exit (normal exit)

The only thing that stands out is the 'Yielding connection to %s' and
'tdb_delete for name %s ...' where %s is blank. This is coming from
yield_connection in source/smbd/connections.c, but I'm not good enough to trace
it back any further than that. Sorry!
Comment 1 Rob Thomas 2003-08-19 14:53:11 UTC
Note: Due to some hints I found whilst googling earlier, I have set the 2003
machine's registry entry of 
HKLM/System/CCS/Services/lanmanserver/parameters/requiresecuritysignature to 0

--Rob


Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-08-25 09:29:06 UTC
Does disabling SMB signing on the 2003 DC prevent the 
smbd crash from occurring?
Comment 3 Rob Thomas 2003-08-25 13:37:13 UTC
No, it makes no difference either way. That crash was with it set to 0 - I had
changed it earlier to see if it fixed it, and it was still doing it. I have just
noticed that it's managed to set itself back to 1. Odd.
Comment 4 Jim McDonough 2003-08-30 17:25:31 UTC
Hmm, I suspect the coredump itself may have been fixed.  Volker checked
something in since rc2 to prevent the coredump when tickets are not obtained. 
That doesn't solve the tickets not being decrypted, but it should stop the
coredump itself.
Comment 5 Rob Thomas 2003-08-30 20:54:44 UTC
Yep, it certainly fixed the crashing, but I still can't view shares from the
ADS. My testing methodology is:
kill smbd/nmbd
kdestroy
./smbd -D && ../nmbd -D && ./winbindd
kinit Administrator@GLADSTONEWIRELESS.NET
klist (to ensure I have a valid ticket)
net ads join
[This works, I can view it in AD Users & Computers]
Try to browse to it, by typing \\f1 in the run box, and I get prompted for a
username/password - I tried entering my Admin password in the box, and it just
re-prompted.

I've zipped up the logs that were created at loglevel 9, hopefully they may be
of some assistance. Attached shortly!
Comment 6 Rob Thomas 2003-08-30 20:57:59 UTC
Created attachment 115
Logfiles created whilst not authenticating ADS into Samba 

Built from the current (as of 3 hours ago) CVS snapshot. Loglevel = 9
Comment 7 Gerald (Jerry) Carter (dead mail address) 2003-09-04 21:55:45 UTC
What krb5 libraries are you using?  Heimdal I would guess.

ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
Comment 8 Rob Thomas 2003-09-04 23:32:41 UTC
I'm using the default Mandrake 9.1 Kerberos libs:
[root@fserv disk2]# rpm -qa | grep krb
krb5-workstation-1.2.7-1mdk
ftp-client-krb5-1.2.7-1mdk
krb5-libs-1.2.7-1mdk
telnet-server-krb5-1.2.7-1mdk
krb5-devel-1.2.7-1mdk
telnet-client-krb5-1.2.7-1mdk
[root@fserv disk2]#

Are there other Kerberos libs that I should be running?
Comment 9 Gerald (Jerry) Carter (dead mail address) 2003-09-05 05:35:44 UTC
From the "Passdb Backends and Authentication" section in WHATSNEW

     MIT kerberos 1.3.1 supports the ARCFOUR-HMAC-MD5 encryption
     type which is necessary for servers on which the
     administrator password has not been changed, or kerberos-enabled
     SMB connections to servers that require Kerberos SMB signing.
     Besides this one difference, either MIT or Heimdal Kerberos
     distributions are usable by Samba 3.0.

Are there 1.3.1 libs from cooker you could try ?
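
The decrypt failures in the description's smbd log can be checked mechanically against the ARCFOUR-HMAC-MD5 requirement quoted from WHATSNEW. The following Python is an added example, not part of the bug report or of Samba; the enctype number-to-name table (including 23 for arcfour-hmac-md5) is taken from the Kerberos enctype registry rather than from this page, and `parse_records` and `triage` are hypothetical helper names.

```python
import re

# Kerberos enctype numbers and names (assumption added here, not from the page's log).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "arcfour-hmac-md5"}
RC4 = 23

HEADER = re.compile(r"^\[([\d/]+ [\d:]+), +(\d+)\] (\S+):(\w+)\((\d+)\)$")
ENC_FAIL = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)")
RD_REQ = re.compile(r"krb5_rd_req with auth failed \((.+)\)")
SIGNAL = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid \d+")

# Records copied from the smbd log in the bug description.
SAMPLE_LOG = """\
[2003/08/20 07:27:28, 10] libads/kerberos_verify.c:ads_verify_ticket(175)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/08/20 07:27:28, 10] libads/kerberos_verify.c:ads_verify_ticket(175)
  ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2003/08/20 07:27:28, 3] libads/kerberos_verify.c:ads_verify_ticket(182)
  ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
[2003/08/20 07:27:28, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 4455 (3.0.0rc1)
  Please read the appendix Bugs of the Samba HOWTO collection
"""

def parse_records(text):
    """Group a Samba debug log into records: one header line plus its indented body."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"level": int(m.group(2)), "func": m.group(4), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def triage(text):
    """Summarise Kerberos ticket-decrypt failures and any crash logged after them."""
    tried, rd_req_error, crash_signal = [], None, None
    for rec in parse_records(text):
        if rec["func"] == "ads_verify_ticket":
            m = ENC_FAIL.search(rec["msg"])
            if m:
                tried.append((int(m.group(1)), m.group(2)))
            m = RD_REQ.search(rec["msg"])
            if m:
                rd_req_error = m.group(1)
        m = SIGNAL.search(rec["msg"])
        if m and rd_req_error is not None:  # crash follows the auth failure
            crash_signal = int(m.group(1))
    numbers = [n for n, _ in tried]
    return {
        "tried": [ENCTYPES.get(n, "unknown(%d)" % n) for n in numbers],
        "rd_req_error": rd_req_error,
        "rc4_never_tried": bool(numbers) and RC4 not in numbers,
        "crash_signal": crash_signal,
    }
```

A result with `rc4_never_tried` set and only DES-family names in `tried` is the pattern this bug was closed on: the Kerberos library in use offered no arcfour-hmac-md5 key for the ticket.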
Comment 10 Jim McDonough 2003-09-05 05:50:06 UTC
Perhaps changing the user password once would create the other encryption types?
I'm not sure if this works in win2k3 as it did in win2k...
Comment 11 Rob Thomas 2003-09-05 21:52:28 UTC
Still not happy. Cooker only has 1.3, not 1.3.1, so I downloaded and compiled
1.3.1, installed, updated my CVS, recompiled, realised I hadn't enabled shared
libraries in Kerberos, recompiled 1.3.1, recompiled pre-rc3, and installed.

*lo and behold*, smbclient -k //gw-server/c$ -worked!-. So it at least works one
way.  However, I'm still having the same problem with samba acting as the
server. I'll do some diagnosis later (possibly), but tomorrow's fathers day and
I'm otherwise occupied.

So, so far resolved, is that 1.2.7 is pretty much dysfunctional, and shouldn't
be used. Should that be stuck in the docco somewhere? (If it was there and I
didn't see it, I'm a dope and I apologise)

Comment 12 Gerald (Jerry) Carter (dead mail address) 2003-09-06 12:19:18 UTC
Fixed.  requires MIT krb 1.3.1 as outlined 
in WHATSNEW.
Comment 13 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:05:20 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 14 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:22:30 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 15 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:26:29 UTC
database cleanup