Bug 5314 - Lots of repeated errors cluttering log files caused by expected behaviour of winXP connections
Summary: Lots of repeated errors cluttering log files caused by expected behaviour of ...
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.25b
Hardware: x64 Windows XP
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2008-03-07 04:07 UTC by lbertacco
Modified: 2021-01-04 16:46 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description lbertacco 2008-03-07 04:07:27 UTC
+++ This bug was initially created as a clone of Bug #3480 +++

--- this is the original message of bug 3480 ---
I find quite a lot of repeated errors in samba logs:

The first one is:
[2006/02/03 12:14:00, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [nobody] -> [nobody] FAILED with error NT_STATUS_WRONG_PASSWORD

The second one is:
[2006/02/03 12:14:00, 0] lib/util_sock.c:get_peer_addr(1340)
  getpeername failed. Error was Transport endpoint is not connected
[2006/02/03 12:14:00, 0] lib/util_sock.c:write_data(554)
  write_data: write failure in writing to client Error Connection reset by peer
[2006/02/03 12:14:00, 0] lib/util_sock.c:send_smb(880)
  Error writing 4 bytes to client. -1. (Connection reset by peer)


A comment by Gerald (Jerry) Carter  says: "These appear as normal errors to me.  Search the samba ml for previous discussions about this."

I'm not sure exactly what discussion he is referring to but from what I found (which could be incorrect), the problem is that WinXP clients try to connect both to port 139 and 445 and then keep open only the session which is answered first and close the other (see e.g. http://ntsecurity.nu/papers/port445/).

Now, if this is indeed the real cause and this is expected behavior, I don't see how reporting 9 lines of errors in the log each time this occur can be considered normal and not a bug.

Proposed workarounds, are not acceptable either. These include:
- add "ports 139" to smb.conf; problem: clients supporting cifs (e.g. WinXP+) must revert to netbios over tcp
- add "ports 445" to smb.conf; problem: clients not supporting cifs but only netbios over tcp cannot access the server anymore 
- disable netbios over tcp on winxp+ clients; problem: these clients are not accessible by older clients anymore and some netbios-over-tcp-only functionalities are lost (e.g. netbios messages)
Comment 1 Björn Jacke 2021-01-04 16:46:47 UTC
51bc104c5c2e8f23fab1c599a7ec3e4291165244 increased the log level from 0 to 1