Bug 3383 - Reported crash of smbd with 3.0.21a in security=server mode
Status: RESOLVED DUPLICATE of bug 3401
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.21a
Hardware: Other Linux
Importance: P3 normal
Target Milestone: none
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL: http://bugs.debian.org/346069
Duplicates: 3410
Depends on: 3401
Reported: 2006-01-07 00:59 UTC by Christian Perrier
Modified: 2006-01-16 11:09 UTC

Attachments:
Log excerpt showing the crash (10.62 KB, text/plain), 2006-01-07 01:02 UTC, Christian Perrier
User's smb.conf file (5.58 KB, text/plain), 2006-01-07 01:04 UTC, Christian Perrier

Description Christian Perrier 2006-01-07 00:59:44 UTC
In the tagged URL, our user reports a crash of smbd while trying to map a drive or browse the server from a WinXP machine.

The crash only happens in security=server mode. Switching to security=domain, as we recommended to him, fixed the problem. But this still seems worth reporting.
Comment 1 Christian Perrier 2006-01-07 01:02:26 UTC
Created attachment 1653
Log excerpt showing the crash

Attached is a log sent by our user while experiencing the crash.
Comment 2 Christian Perrier 2006-01-07 01:04:20 UTC
Created attachment 1654
User's smb.conf file
Comment 3 Volker Lendecke 2006-01-07 14:33:31 UTC
Jeremy, this is easy to replicate. W2k3 DC, current Samba code with security=server and point an XP box to that smbd.

Here's an excerpt of the debug level 10 output:

[2006/01/07 21:03:53.926677, 10, pid=32069] libsmb/ntlmssp.c:ntlmssp_server_auth(730)
  ntlmssp_server_auth: Failed to create NTLM session key.
[2006/01/07 21:03:53.926696, 5, pid=32069] libsmb/ntlmssp.c:ntlmssp_server_auth(756)
  server session key is invalid (len == 0), cannot do KEY_EXCH!
[2006/01/07 21:03:53.926716, 3, pid=32069] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/01/07 21:03:53.926735, 3, pid=32069] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x600082b5
[2006/01/07 21:03:53.926785, 5, pid=32069] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  ntlmssp_state->session_key.length, data = 8, (nil)

This debug message was added by me to current trunk code to see why we don't return here. length==8 and data==NULL seems wrong to me; this is why we segfault later on. Returning with NT_STATUS_NO_USER_SESSION_KEY under this condition does not help either. This makes the XP workstation fail with an appropriate error message.
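
The state reported in Comment 3 (session_key.length of 8 with a NULL data pointer) is a length/pointer mismatch that any later reader of the key will dereference. The following is an added example, not code from Samba or from any participant in this bug: it shows a consistency check on such a buffer, a shortening helper that cannot create the mismatch, and a consumer that refuses it. The names key_blob, key_blob_check, key_blob_shorten and sign_state_load are hypothetical, and treating a key-shortening step as the place where a length is set without a buffer is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical length+pointer key buffer; a stand-in, not Samba's own type. */
struct key_blob { uint8_t *data; size_t length; };

enum key_status { KEY_OK = 0, KEY_ABSENT = 1, KEY_INCONSISTENT = 2 };

/* Pointer and length must agree: both set, or both empty. */
static enum key_status key_blob_check(const struct key_blob *k)
{
    if (k == NULL || (k->data == NULL && k->length == 0))
        return KEY_ABSENT;
    if (k->data == NULL || k->length == 0)
        return KEY_INCONSISTENT; /* the reported state: length 8, data NULL */
    return KEY_OK;
}

/* Shorten a key in place. Never lengthens, never shortens to zero, and never
 * assigns a length to a key that has no buffer (assumed failure mode). */
static enum key_status key_blob_shorten(struct key_blob *k, size_t new_len)
{
    enum key_status st = key_blob_check(k);
    if (st != KEY_OK)
        return st;
    if (new_len > 0 && new_len < k->length)
        k->length = new_len;
    return KEY_OK;
}

/* Hypothetical consumer: copy key bytes into a fixed-size signing state.
 * Returns the number of bytes copied, or -1 without touching k->data. */
static int sign_state_load(const struct key_blob *k, uint8_t *out, size_t out_len)
{
    if (key_blob_check(k) != KEY_OK)
        return -1;
    size_t n = k->length < out_len ? k->length : out_len;
    memcpy(out, k->data, n);
    return (int)n;
}

int main(void)
{
    struct key_blob bad = { NULL, 8 }; /* constructed: the state from the log */
    uint8_t state[16];
    return sign_state_load(&bad, state, sizeof state) == -1 ? 0 : 1;
}
```
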

Comment 4 Yau Lam Yiu 2006-01-12 23:06:04 UTC
Our server has the same problem. We are currently fixing it temporarily by removing a line from the function "ntlmssp_weaken_key". Hope Samba will have a permanent fix in a later version. For more details please check:

Comment 5 Gerald (Jerry) Carter 2006-01-16 00:17:26 UTC
*** Bug 3410 has been marked as a duplicate of this bug. ***
Comment 6 Gerald (Jerry) Carter 2006-01-16 11:09:38 UTC
Should be fixed now.

*** This bug has been marked as a duplicate of 3401 ***