In Samba 3.0.21rc2 (also rc1 and pre1 releases):
1) Samba+ADS without Winbind/idmap runs fine (i.e. winbind
netlogon proxy only). SMBD, NMBD and SMBCLIENT all work
with Solaris 8/9, Windows 2000 ADS server and
Windows XP workstations. However, these odd messages appear
in log.smbd when I connect to HOMES on Solaris from my PC:
[2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906)
decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@] does not match principal name in ticket
[2005/12/06 13:40:18, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
Username PERTH\WS8001$ is invalid on this system
2) Samba+ADS with Winbind/idmap also works plus Windows name mappng
works. However remote logins to the Samba server (e.g. with SSH)
are disconnected by the server after a few minutes after each
successful login. The following messages typically appear in syslog:
<Dec 5 12:51:07 numbat sshd: [ID 800047 auth.info] Accepted
publickey for mewtwo from 192.168.1.101 port
<Dec 5 12:53:02 numbat sshd: [ID 800047 auth.crit] fatal:
Timeout before authentication for 192.168.1.101
Not sure if these are actual bugs or just incorrect installation by
me but I have not been able to find any cause so far.
Can you post a debug level 10 log from smbd when you get the :
2005/12/06 13:40:18, 2] libads/authdata.c:decode_pac_data(906)
decode_pac_data: Name in PAC [ä~\~@ä~T~@å~L~@ä~H~@ã| ~@ã~@~@ã~@~@ã~\~@â~P~@]
does not match principal name in ticket
error please. Attach it to this bug report.
Created attachment 1617 [details]
My smbd log file
smbd.log for debug level 10.
Seems we fail in decoding PAC_LOGON_NAME, I'm looking into that.
After comparing the samba3 parsing with the samba4 parsing of the PAC_LOGON_NAME, it seems we miss an alignment.
David, could you please try the attached patch and send another log.smbd level 10 logfile if it still fails?
Created attachment 1627 [details]
adding missing alignment in the PAC_LOGON_INFO parsing
Guenther, what is the status of this patch? If it is working, please
check it in.
Unfortunately I can't verify it here (no Solaris SPARC available). I first want to do that before checking it in (although it seems pretty obvious).
David: Can you please test the patch Günther provided with comment #5?
Created attachment 1746 [details]
always read the username as a little-endian, non-null terminated UCS2-string
I got to reproduce that bug also on ppc64; the uploaded patch fixed it for me; I'll test Solaris next.
Quick comment on the patch - you're defining 'len' as int. Looks like it should be uint32 to me. Also, the prs_string_len() function makes me nervous. I don't see a length limit other than that read off the wire. This may be buffer overrun unsafe. Please check (and maybe add a max_len parameter).
New fix tested on ppc64 and solaris and committed upstream. This will be in 3.0.21c.