Bug 3330 - Solaris windbind problems.
Summary: Solaris windbind problems.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.21
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-14 17:59 UTC by David May
Modified: 2006-02-22 21:49 UTC (History)
2 users (show)

See Also:


Attachments
My smbd log file (132.65 KB, application/x-gzip)
2005-12-15 18:18 UTC, David May
no flags Details
adding missing alignment in the PAC_LOGON_INFO parsing (380 bytes, patch)
2005-12-20 06:19 UTC, Guenther Deschner
no flags Details
always read the username as a little-endian, non-null terminated UCS2-string (2.83 KB, patch)
2006-02-20 14:54 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description David May 2005-12-14 17:59:44 UTC
In Samba 3.0.21rc2 (also rc1 and pre1 releases):

1) Samba+ADS without Winbind/idmap runs fine (i.e. winbind 
netlogon proxy only). SMBD, NMBD and SMBCLIENT all work 
with Solaris 8/9, Windows 2000 ADS server and 
Windows XP workstations. However, these odd messages appear
in log.smbd when I connect to HOMES on Solaris from my PC:

[2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906)
  decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@] does not match principal name in ticket
[2005/12/06 13:40:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username PERTH\WS8001$ is invalid on this system

2) Samba+ADS with Winbind/idmap also works plus Windows name mappng
works. However remote logins to the Samba server (e.g. with SSH)
are disconnected by the server after a few minutes after each 
successful login. The following messages typically appear in syslog:

<Dec  5 12:51:07 numbat sshd[7356]: [ID 800047 auth.info] Accepted 
publickey for mewtwo from 192.168.1.101 port
34809 ssh2
<Dec  5 12:53:02 numbat sshd[7356]: [ID 800047 auth.crit] fatal: 
Timeout before authentication for 192.168.1.101

Not sure if these are actual bugs or just incorrect installation by
me but I have not been able to find any cause so far.
Comment 1 Jeremy Allison 2005-12-14 18:13:11 UTC
Can you post a debug level 10 log from smbd when you get the :

2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906)
  decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@]
does not match principal name in ticket

error please. Attach it to this bug report.

Thanks,

Jeremy.
Comment 2 David May 2005-12-15 18:18:12 UTC
Created attachment 1617 [details]
My smbd log file

smbd.log for debug level 10.
Comment 3 Guenther Deschner 2005-12-20 05:32:34 UTC
Seems we fail in decoding PAC_LOGON_NAME, I'm looking into that.
Comment 4 Guenther Deschner 2005-12-20 06:18:53 UTC
After comparing the samba3 parsing with the samba4 parsing of the PAC_LOGON_NAME, it seems we miss an alignment.

David, could you please try the attached patch and send another log.smbd level 10 logfile if it still fails?
Comment 5 Guenther Deschner 2005-12-20 06:19:22 UTC
Created attachment 1627 [details]
adding missing alignment in the PAC_LOGON_INFO parsing
Comment 6 Gerald (Jerry) Carter (dead mail address) 2006-01-17 21:47:56 UTC
Guenther, what is the status of this patch?  If it is working, please
check it in.
Comment 7 Guenther Deschner 2006-01-24 05:50:35 UTC
Unfortunately I can't verify it here (no Solaris SPARC available). I first want to do that before checking it in (although it seems pretty obvious).
Comment 8 Lars Müller 2006-01-24 06:13:39 UTC
David: Can you please test the patch Günther provided with comment #5?
Comment 9 Guenther Deschner 2006-02-20 14:54:21 UTC
Created attachment 1746 [details]
always read the username as a little-endian, non-null terminated UCS2-string
Comment 10 Guenther Deschner 2006-02-20 14:56:12 UTC
I got to reproduce that bug also on ppc64; the uploaded patch fixed it for me; I'll test Solaris next.
Comment 11 Jeremy Allison 2006-02-20 17:15:37 UTC
Quick comment on the patch - you're defining 'len' as int. Looks like it should be uint32 to me. Also, the prs_string_len() function makes me nervous. I don't see a length limit other than that read off the wire. This may be buffer overrun unsafe. Please check (and maybe add a max_len parameter).
Jeremy.
Comment 12 Guenther Deschner 2006-02-22 21:49:53 UTC
New fix tested on ppc64 and solaris and committed upstream. This will be in 3.0.21c.