Bug 5314 - Lots of repeated errors cluttering log files caused by expected behaviour of winXP connections
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.25b
Hardware: x64 Windows XP
Importance: P3 normal
Target Milestone: none
Assigned To: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2008-03-07 04:07 UTC by lbertacco
Modified: 2008-03-07 04:07 UTC (History)

Description lbertacco 2008-03-07 04:07:27 UTC
+++ This bug was initially created as a clone of Bug #3480 +++

--- this is the original message of bug 3480 ---
I find quite a lot of repeated errors in samba logs:

The first one is:
[2006/02/03 12:14:00, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD

The second one is:
[2006/02/03 12:14:00, 0] lib/util_sock.c:get_peer_addr(1340)
  getpeername failed. Error was Transport endpoint is not connected
[2006/02/03 12:14:00, 0] lib/util_sock.c:write_data(554)
  write_data: write failure in writing to client 85.138.152.42. Error Connection reset by peer
[2006/02/03 12:14:00, 0] lib/util_sock.c:send_smb(880)
  Error writing 4 bytes to client. -1. (Connection reset by peer)

--------------------------------------

A comment by Gerald (Jerry) Carter says: "These appear as normal errors to me.  Search the samba ml for previous discussions about this."

I'm not sure exactly what discussion he is referring to but from what I found (which could be incorrect), the problem is that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).

Now, if this is indeed the real cause and this is expected behavior, I don't see how reporting 9 lines of errors in the log each time this occurs can be considered normal and not a bug.

Proposed workarounds are not acceptable either. These include:
- add "ports 139" to smb.conf; problem: clients supporting cifs (e.g. WinXP+) must revert to netbios over tcp
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore 
- disable netbios over tcp on winxp+ clients; problem: these clients are not accessible by older clients anymore and some netbios-over-tcp-only functionalities are lost (e.g. netbios messages)
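
An added example, not part of the original report and not Samba code: a log triage script that folds the three-entry reset burst quoted above into one count per client address, so entries such as the authentication failure stay readable and the resets are still counted rather than discarded. It assumes the reporter's explanation of the bursts and the log layout shown in the report; the function names `parse_entries` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Sample input: the log lines quoted in the report above.
SAMPLE = """\
[2006/02/03 12:14:00, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD
[2006/02/03 12:14:00, 0] lib/util_sock.c:get_peer_addr(1340)
  getpeername failed. Error was Transport endpoint is not connected
[2006/02/03 12:14:00, 0] lib/util_sock.c:write_data(554)
  write_data: write failure in writing to client 85.138.152.42. Error Connection reset by peer
[2006/02/03 12:14:00, 0] lib/util_sock.c:send_smb(880)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\] (?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)$")
CLIENT = re.compile(r"writing to client (\S+?)\. Error")
RESET_FUNCS = {"get_peer_addr", "write_data", "send_smb"}  # the burst in the report
RESET_TEXT = ("getpeername failed", "Connection reset by peer")


def parse_entries(text):
    """Group each header line with the indented message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.startswith(" "):
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries


def triage(text):
    """Return (entries to keep, reset-burst count per client address)."""
    kept, resets = [], Counter()
    for e in parse_entries(text):
        is_reset = e["func"] in RESET_FUNCS and any(t in e["msg"] for t in RESET_TEXT)
        if not is_reset:
            kept.append(e)  # assumption: anything outside the burst is worth reading
            continue
        m = CLIENT.search(e["msg"])
        if m:  # only the write_data entry names the client, so count once per burst
            resets[m.group(1)] += 1
    return kept, resets


if __name__ == "__main__":
    kept, resets = triage(SAMPLE)
    print([(e["ts"], e["func"]) for e in kept], dict(resets))
```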