Bug 3463 - authentication problem with non-ascii usernames
Summary: authentication problem with non-ascii usernames
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.21a
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-30 02:24 UTC by jheinonen
Modified: 2019-06-11 21:24 UTC (History)
2 users (show)

See Also:


Attachments
This ad hoc patch makes the authentication work on my setup. (338 bytes, patch)
2006-03-22 05:58 UTC, jheinonen
no flags Details
also convert from ucs2 to utf8 when validating the PAC (2.80 KB, patch)
2006-03-24 03:44 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description jheinonen 2006-01-30 02:24:42 UTC
Authentication against AD domain controllers fails for non-ascii usernames if security = ads and unix charset = iso8859-1.

Relevant options in smb.conf:
security = ads
unix charset = iso8859-1
display charset = iso8859-1

Error message from log:
[2006/01/30 10:21:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username DOMAIN\åöä is invalid on this system

Please note the incorrectly encoded username (UTF-8 encoding on iso8859-1 setup). wbinfo -u lists the usernames correctly. Changing "security = ads" to "security = domain" makes it work correctly. Also removing the "unix charset" and "display charset" settings from smb.conf makes the authentication work. (Usernames are then output as UTF-8 encoded e.g. with wbinfo.)

Additional information:
DC OS: Windows 2000 Server SP4
Client OS: Windows 2000 Pro SP4
krb5 1.3.6

Reproduced with samba 3.0.20b and samba 3.0.21a.
Comment 1 jheinonen 2006-03-22 02:35:15 UTC
Log with higher debug level:

[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0010 offset: 00000048
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0014 offsethi: 00000000
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000018 pac_io_pac_info_hdr pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0018 type: 0000000a
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          001c size: 00000010
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0020 offset: 000001e8
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0024 offsethi: 00000000
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000028 pac_io_pac_info_hdr pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0028 type: 00000006
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          002c size: 00000014
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0030 offset: 000001f8
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0034 offsethi: 00000000
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000038 pac_io_pac_info_hdr pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0038 type: 00000007
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          003c size: 00000014
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0040 offset: 00000210
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
          0044 offsethi: 00000000
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000048 pac_io_pac_info_hdr_ctr pac data
[2006/03/22 09:04:37, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503)
  PAC_TYPE_LOGON_INFO
[2006/03/22 09:04:37, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000048 pac_io_pac_logon_info pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              0048 unknown: 00081001
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              004c unknown: cccccccc
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              0050 bufferlen: 00000190
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              0054 bufferlenhi: 00000000
[2006/03/22 09:04:37, 8] rpc_parse/parse_prs.c:prs_debug(84)
              000058 net_io_user_info3 
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0058 ptr_user_info : 02adf704
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00005c smb_io_time logon time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      005c low : 21494e30
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0060 high: 01c64d7e
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000064 smb_io_time logoff time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0064 low : ffffffff
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0068 high: 7fffffff
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00006c smb_io_time kickoff time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      006c low : ffffffff
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0070 high: 7fffffff
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000074 smb_io_time last set time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0074 low : ca0f8740
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0078 high: 01c64d7d
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00007c smb_io_time can change time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      007c low : ca0f8740
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0080 high: 01c64d7d
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000084 smb_io_time must change time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0084 low : 17478740
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0088 high: 01c666a3
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00008c smb_io_unihdr hdr_user_name
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      008c uni_str_len: 0006
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      008e uni_max_len: 0006
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0090 buffer     : 001614c0
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000094 smb_io_unihdr hdr_full_name
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      0094 uni_str_len: 000e
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      0096 uni_max_len: 000e
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0098 buffer     : 001614c8
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00009c smb_io_unihdr hdr_logon_script
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      009c uni_str_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      009e uni_max_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00a0 buffer     : 001614d8
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0000a4 smb_io_unihdr hdr_profile_path
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00a4 uni_str_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00a6 uni_max_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00a8 buffer     : 001614d8
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0000ac smb_io_unihdr hdr_home_dir
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00ac uni_str_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00ae uni_max_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00b0 buffer     : 001614d8
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0000b4 smb_io_unihdr hdr_dir_drive
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00b4 uni_str_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00b6 uni_max_len: 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00b8 buffer     : 001614d8
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                  00bc logon_count   : 0001
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                  00be bad_pw_count  : 0000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00c0 user_rid      : 00000a89
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00c4 group_rid     : 00000201
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00c8 num_groups    : 00000001
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00cc buffer_groups : 001614d8
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00d0 user_flgs     : 00000020
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8s(790)
                  00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0000e4 smb_io_unihdr hdr_logon_srv
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00e4 uni_str_len: 000a
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00e6 uni_max_len: 000c
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00e8 buffer     : 001614e0
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0000ec smb_io_unihdr hdr_logon_dom
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00ec uni_str_len: 0008
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
                      00ee uni_max_len: 000a
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      00f0 buffer     : 001614ec
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  00f4 buffer_dom_id : 001614f8
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8s(790)
                  00f8 lm_sess_key: 00 00 00 00 00 00 00 00 
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0100 acct_flags : 00000010
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0104 unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0108 unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  010c unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0110 unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0114 unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0118 unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  011c unkown: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0120 num_other_sids: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0124 buffer_other_sids: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0128 ptr_res_group_dom_sid: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  012c res_group_count: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0130 ptr_res_groups: 00000000
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000134 smb_io_unistr2 uni_user_name
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0134 uni_max_len: 00000003
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0138 offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      013c uni_str_len: 00000003
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875)
                      0140 buffer     : ......
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000146 smb_io_unistr2 uni_full_name
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0148 uni_max_len: 00000007
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      014c offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0150 uni_str_len: 00000007
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875)
                      0154 buffer     : t.s.t. .t.s.t.
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000162 smb_io_unistr2 uni_logon_script
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0164 uni_max_len: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0168 offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      016c uni_str_len: 00000000
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000170 smb_io_unistr2 uni_profile_path
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0170 uni_max_len: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0174 offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0178 uni_str_len: 00000000
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  00017c smb_io_unistr2 uni_home_dir
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      017c uni_max_len: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0180 offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0184 uni_str_len: 00000000
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000188 smb_io_unistr2 uni_dir_drive
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0188 uni_max_len: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      018c offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0190 uni_str_len: 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  0194 num_groups2   : 00000001
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  000198 smb_io_gid 
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      0198 g_rid: 00000201
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      019c attr : 00000007
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0001a0 smb_io_unistr2 uni_logon_srv
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01a0 uni_max_len: 00000006
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01a4 offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01a8 uni_str_len: 00000005
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875)
                      01ac buffer     : E.N.T.E.E.
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0001b6 smb_io_unistr2 uni_logon_dom
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01b8 uni_max_len: 00000005
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01bc offset     : 00000000
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01c0 uni_str_len: 00000004
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875)
                      01c4 buffer     : T.U.S.S.
[2006/03/22 09:04:37, 9] rpc_parse/parse_prs.c:prs_debug(84)
                  0001cc smb_io_dom_sid2 
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                      01cc num_auths: 00000004
[2006/03/22 09:04:37, 10] rpc_parse/parse_prs.c:prs_debug(84)
                      0001d0 smb_io_dom_sid sid
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d0 sid_rev_num: 01
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d1 num_auths  : 04
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d2 id_auth[0] : 00
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d3 id_auth[1] : 00
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d4 id_auth[2] : 00
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d5 id_auth[3] : 00
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d6 id_auth[4] : 00
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8(614)
                          01d7 id_auth[5] : 05
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32s(930)
                          01d8 sub_auths : 00000015 6b635f23 09101613 32eac016 
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      0001e8 pac_io_pac_info_hdr_ctr pac data
[2006/03/22 09:04:37, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543)
  PAC_TYPE_LOGON_NAME
[2006/03/22 09:04:37, 7] rpc_parse/parse_prs.c:prs_debug(84)
          0001e8 pac_io_logon_name pac data
[2006/03/22 09:04:37, 8] rpc_parse/parse_prs.c:prs_debug(84)
              0001e8 smb_io_time logon_time
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  01e8 low : 34947380
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  01ec high: 01c64d7e
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16(674)
              01f0 len: 0006
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint16s(833)
              01f2 name: ......
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      0001f8 pac_io_pac_info_hdr_ctr pac data
[2006/03/22 09:04:37, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516)
  PAC_TYPE_SERVER_CHECKSUM
[2006/03/22 09:04:37, 7] rpc_parse/parse_prs.c:prs_debug(84)
          0001f8 pac_io_pac_signature_data pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              01f8 type: ffffff76
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8s(790)
              01fc signature: e3 09 b6 93 59 33 12 b1 4a 66 15 7c 9f 78 ad 4c 
[2006/03/22 09:04:37, 6] rpc_parse/parse_prs.c:prs_debug(84)
      00020c pac_io_pac_info_hdr_ctr pac data
[2006/03/22 09:04:37, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489)
  offset in header(x210) and data(x20c) do not match, correcting
[2006/03/22 09:04:37, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529)
  PAC_TYPE_PRIVSVR_CHECKSUM
[2006/03/22 09:04:37, 7] rpc_parse/parse_prs.c:prs_debug(84)
          000210 pac_io_pac_signature_data pac data
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              0210 type: ffffff76
[2006/03/22 09:04:37, 5] rpc_parse/parse_prs.c:prs_uint8s(790)
              0214 signature: e6 37 0f c2 f9 ca f7 59 6c 52 58 d6 51 22 32 f1 
[2006/03/22 09:04:37, 2] libads/authdata.c:decode_pac_data(906)
  decode_pac_data: Name in PAC [åöä] does not match principal name in ticket
                                ^^^
NOTE: Here the username is correctly (and differently) encoded!

[2006/03/22 09:04:37, 3] libads/kerberos_verify.c:ads_verify_ticket(416)
  ads_verify_ticket: failed to decode PAC_DATA: NT_STATUS_ACCESS_DENIED
[2006/03/22 09:04:37, 3] smbd/sesssetup.c:reply_spnego_kerberos(185)
  Ticket name is [åöä@DOMAIN.LOCAL]
[2006/03/22 09:04:37, 10] smbd/sesssetup.c:reply_spnego_kerberos(244)
  Mapping [DOMAIN.LOCAL] to short name
[2006/03/22 09:04:37, 10] smbd/sesssetup.c:reply_spnego_kerberos(257)
  Mapped to [DOMAIN] (using Winbind)
[2006/03/22 09:04:37, 5] lib/username.c:Get_Pwnam_alloc(313)
  Finding user DOMAIN\åöä
[2006/03/22 09:04:37, 5] lib/username.c:Get_Pwnam_internals(262)
  Trying _Get_Pwnam(), username as lowercase is tuss\ã¥ã¶ã¤
[2006/03/22 09:04:37, 5] lib/username.c:Get_Pwnam_internals(269)
  Trying _Get_Pwnam(), username as given is DOMAIN\åöä
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(286)
  Checking combinations of 0 uppercase letters in tuss\ã¥ã¶ã¤
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(290)
  Get_Pwnam_internals didn't find user [DOMAIN\åöä]!
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_alloc(313)
  Finding user åöä
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(262)
  Trying _Get_Pwnam(), username as lowercase is ã¥ã¶ã¤
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(269)
  Trying _Get_Pwnam(), username as given is åöä
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(286)
  Checking combinations of 0 uppercase letters in ã¥ã¶ã¤
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(290)
  Get_Pwnam_internals didn't find user [åöä]!
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_alloc(313)
  Finding user åöä
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(262)
  Trying _Get_Pwnam(), username as lowercase is ã¥ã¶ã¤
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(269)
  Trying _Get_Pwnam(), username as given is åöä
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(286)
  Checking combinations of 0 uppercase letters in ã¥ã¶ã¤
[2006/03/22 09:04:38, 5] lib/username.c:Get_Pwnam_internals(290)
  Get_Pwnam_internals didn't find user [åöä]!
[2006/03/22 09:04:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(286)
  Username DOMAIN\åöä is invalid on this system
[2006/03/22 09:04:38, 3] smbd/error.c:error_packet(146)
  error packet at smbd/sesssetup.c(291) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2006/03/22 09:04:38, 0] smbd/process.c:smb_dump(947)
  created /tmp/SMBsesssetupX.8.resp len 39
[2006/03/22 09:04:38, 5] lib/util.c:show_msg(476)
[2006/03/22 09:04:38, 5] lib/util.c:show_msg(486)
  size=35
  smb_com=0x73
  smb_rcls=109
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=65279
  smb_uid=101
  smb_mid=128
  smt_wct=0
  smb_bcc=0
[2006/03/22 09:04:38, 10] smbd/process.c:setup_select_timeout(1372)
  change_notify_timeout: -1
[2006/03/22 09:04:38, 10] smbd/process.c:run_events(299)
  run_events: No events
[2006/03/22 09:04:38, 10] lib/util_sock.c:read_data(517)
  read_data: read of 4 returned 0. Error = Success
[2006/03/22 09:04:38, 10] lib/util_sock.c:receive_smb_raw(666)
  receive_smb_raw: length < 0!
[2006/03/22 09:04:38, 3] smbd/process.c:timeout_processing(1447)
  timeout_processing: End of file from client (client has disconnected).
[2006/03/22 09:04:38, 5] lib/gencache.c:gencache_shutdown(88)
  Closing cache file
[2006/03/22 09:04:38, 5] libsmb/namecache.c:namecache_shutdown(79)
  namecache_shutdown: netbios namecache closed successfully.
[2006/03/22 09:04:38, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/22 09:04:38, 5] auth/auth_util.c:debug_nt_user_token(433)
  NT user token: (NULL)
[2006/03/22 09:04:38, 5] auth/auth_util.c:debug_unix_user_token(454)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/03/22 09:04:38, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2006/03/22 09:04:38, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/03/22 09:04:38, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to 
[2006/03/22 09:04:38, 3] smbd/server.c:exit_server(655)
  Server exit (normal exit)
Comment 2 jheinonen 2006-03-22 05:58:55 UTC
Created attachment 1818 [details]
This ad hoc patch makes the authentication work on my setup.
Comment 3 Jeremy Allison 2006-03-22 12:14:00 UTC
Ah, I see. There's a missing conversion to unix charset on pulling the utf8 data from the kerberos tickets. I'll look into this.
Jeremy.
Comment 4 Guenther Deschner 2006-03-24 03:44:24 UTC
Created attachment 1823 [details]
also convert from ucs2 to utf8 when validating the PAC

Jeremy, we also need to fix the PAC validation: 

The logon-name in the PAC is ucs2, the client principal in the ticket will (according to Love) always be utf8 from a Windows KDC. As we first compose a principal with the name from the PAC to do a principal compare then with the principal from the ticket afterwards, we need an additional ucs2->utf8 conversion.
Comment 5 Jeremy Allison 2006-03-24 10:30:03 UTC
Do we know what the KDC's expect as principal names in krb5 packets ? Do they expect any encoding, or assume always utf8 ? If so we need to push/pull on every principal names sent/received from the krb5 code. We need to go through and add this layer to all the krb5 code as we do in the LDAP code (or as I *think* we do without having looked at the code yet :-)

As for the patch I'd prefer to leave pull_ucs2 alone and just add another conversion from unix charset -> utf8 afterwards rather than adding another flag to pull_ucs2.

Jeremy.
Comment 6 Andrew Bartlett 2019-06-11 10:25:07 UTC
Samba converts krb5 principals to unix strings since b68b05854ff5a7e75953462eba74f97753428ef1 in Samba 3.4