In Samba 3.0.21rc2 (also rc1 and pre1 releases): 1) Samba+ADS without Winbind/idmap runs fine (i.e. winbind netlogon proxy only). SMBD, NMBD and SMBCLIENT all work with Solaris 8/9, Windows 2000 ADS server and Windows XP workstations. However, these odd messages appear in log.smbd when I connect to HOMES on Solaris from my PC: [2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906) decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@] does not match principal name in ticket [2005/12/06 13:40:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(286) Username PERTH\WS8001$ is invalid on this system 2) Samba+ADS with Winbind/idmap also works plus Windows name mappng works. However remote logins to the Samba server (e.g. with SSH) are disconnected by the server after a few minutes after each successful login. The following messages typically appear in syslog: <Dec 5 12:51:07 numbat sshd[7356]: [ID 800047 auth.info] Accepted publickey for mewtwo from 192.168.1.101 port 34809 ssh2 <Dec 5 12:53:02 numbat sshd[7356]: [ID 800047 auth.crit] fatal: Timeout before authentication for 192.168.1.101 Not sure if these are actual bugs or just incorrect installation by me but I have not been able to find any cause so far.
Can you post a debug level 10 log from smbd when you get the : 2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906) decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@] does not match principal name in ticket error please. Attach it to this bug report. Thanks, Jeremy.
Created attachment 1617 [details] My smbd log file smbd.log for debug level 10.
Seems we fail in decoding PAC_LOGON_NAME, I'm looking into that.
After comparing the samba3 parsing with the samba4 parsing of the PAC_LOGON_NAME, it seems we miss an alignment. David, could you please try the attached patch and send another log.smbd level 10 logfile if it still fails?
Created attachment 1627 [details] adding missing alignment in the PAC_LOGON_INFO parsing
Guenther, what is the status of this patch? If it is working, please check it in.
Unfortunately I can't verify it here (no Solaris SPARC available). I first want to do that before checking it in (although it seems pretty obvious).
David: Can you please test the patch Günther provided with comment #5?
Created attachment 1746 [details] always read the username as a little-endian, non-null terminated UCS2-string
I got to reproduce that bug also on ppc64; the uploaded patch fixed it for me; I'll test Solaris next.
Quick comment on the patch - you're defining 'len' as int. Looks like it should be uint32 to me. Also, the prs_string_len() function makes me nervous. I don't see a length limit other than that read off the wire. This may be buffer overrun unsafe. Please check (and maybe add a max_len parameter). Jeremy.
New fix tested on ppc64 and solaris and committed upstream. This will be in 3.0.21c.