The Samba-Bugzilla – Bug 5314
Lots of repeated errors cluttering log files caused by expected behaviour of winXP connections
Last modified: 2008-03-07 04:07:27 UTC
+++ This bug was initially created as a clone of Bug #3480 +++
--- this is the original message of bug 3480 ---
I find quite a lot of repeated errors in samba logs:
The first one is:
[2006/02/03 12:14:00, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD
The second one is:
[2006/02/03 12:14:00, 0] lib/util_sock.c:get_peer_addr(1340)
getpeername failed. Error was Transport endpoint is not connected
[2006/02/03 12:14:00, 0] lib/util_sock.c:write_data(554)
write_data: write failure in writing to client 18.104.22.168. Error Connection reset by peer
[2006/02/03 12:14:00, 0] lib/util_sock.c:send_smb(880)
Error writing 4 bytes to client. -1. (Connection reset by peer)
A comment by Gerald (Jerry) Carter says: "These appear as normal errors to me. Search the samba ml for previous discussions about this."
I'm not sure exactly what discussion he is referring to but from what I found (which could be incorrect), the problem is that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).
Now, if this is indeed the real cause and this is expected behavior, I don't see how reporting 9 lines of errors in the log each time this occur can be considered normal and not a bug.
Proposed workarounds, are not acceptable either. These include:
- add "ports 139" to smb.conf; problem: clients supporting cifs (e.g. WinXP+) must revert to netbios over tcp
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore
- disable netbios over tcp on winxp+ clients; problem: these clients are not accessible by older clients anymore and some netbios-over-tcp-only functionalities are lost (e.g. netbios messages)