Bug 4659 - 'security = server' access broken after upgrade from 3.0.24 to 3.0.25
'security = server' access broken after upgrade from 3.0.24 to 3.0.25
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.25
x64 Windows XP
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-25 04:01 UTC by James Gibbs
Modified: 2007-06-10 21:03 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description James Gibbs 2007-05-25 04:01:45 UTC
I'm running with 'security = server' and everything was working fine with version 3.0.24 of samba.  I upgraded to version 3.0.25 and I could no longer access my shares.

My XP client now reports, "The system cannot find the device specified." and a client->server network capture shows a logon failure:

10.1.2.4  10.1.1.83 SMB Negotiate Protocol Request
10.1.1.83 10.1.2.4  SMB Negotiate Protocol Response
10.1.2.4  10.1.1.83 SMB Session Setup Andx Request, NTLMSSP_NEGOTIATE
10.1.1.83 10.1.2.4  SMB Session Setup Andx Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
10.1.2.4  10.1.1.83 SMB Session Setup Andx Request, NTLMSSP_AUTH, User: DOMAIN\user
10.1.1.83 10.1.2.4  SMB Session Setup Andx Response, Error: STATUS_LOGON_FAILURE

A server->domain controller network capture shows the following repeating sequence (note that the anonymous Session Setup is successful):

10.1.1.83 10.1.1.1  TCP 45010 > microsoft-ds [SYN]
10.1.1.1  10.1.1.83 TCP microsoft-ds > 45010 [SYN, ACK]
10.1.1.83 10.1.1.1  TCP 45010 > microsoft-ds [ACK]
10.1.1.83 10.1.1.1  SMB Negotiate Protocol Request
10.1.1.1  10.1.1.83 SMB Negotiate Protocol Response
10.1.1.83 10.1.1.1  SMB Session Setup Andx Request, User: anonymous
10.1.1.1  10.1.1.83 SMB Session Setup Andx Response
10.1.1.83 10.1.1.1  TCP 45010 > microsoft-ds [FIN, ACK]
10.1.1.1  10.1.1.83 TCP microsoft-ds > 45010 [FIN, ACK]
10.1.1.83 10.1.1.1  TCP 45010 > microsoft-ds [ACK]

Downgrade back to version 3.0.24 and the problem goes away.
Comment 1 Volker Lendecke 2007-05-25 04:07:59 UTC
We think we fixed this with 3.0.25a. Please re-open this bug if 3.0.25a is still a problem.

Volker