7429 – smbd/winbindd truncating user name: "Could not parse domain user"

Bug 7429 - smbd/winbindd truncating user name: "Could not parse domain user"

Summary: smbd/winbindd truncating user name: "Could not parse domain user"

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 3.5
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	3.5.2
Hardware:	Sparc Solaris

Importance:	P3 major
Target Milestone:	---
Assignee:	Michael Adam
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-05-14 10:20 UTC by Klaus Kreuzwieser
Modified:	2018-03-27 20:17 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Klaus Kreuzwieser 2010-05-14 10:20:42 UTC

We have built Samba 3.5.2 with ADS support on Solaris 10 and joined the
server successfully into the domain. kinit, klist, wbinfo -g, wbinfo -u, net
ads info are working correctly.

Unfortunately whenever we want to access a share on the Solaris server from
our Windows XP / Windows 7 clients we get a logon box to specify username
and password.

smbd log file shows that the logon attempt is made with the correct user
(i.e. MYDOMAIN\WKAABC) but winbindd log file shows that the first character
of the username is missing (i.e. KAABC). We can not explain that weird
behaviour and have not found any hint in the documentation, bug database or
newsgroups.

log.smbd
[2010/05/12 09:14:34.411902,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2010/05/12 09:14:34.411964,  3]
smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego)
  Doing spnego session setup
[2010/05/12 09:14:34.412032,  3]
smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego)
  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002
5.1] PrimaryDomain=[]
[2010/05/12 09:14:34.412309,  5]
smbd/sesssetup.c:753(parse_spnego_mechanisms)
  parse_spnego_mechanisms: Got OID 1.2.840.48018.1.2.2
[2010/05/12 09:14:34.412364,  5]
smbd/sesssetup.c:753(parse_spnego_mechanisms)
  parse_spnego_mechanisms: Got OID 1.2.840.113554.1.2.2
[2010/05/12 09:14:34.412424,  5]
smbd/sesssetup.c:753(parse_spnego_mechanisms)
  parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10
[2010/05/12 09:14:34.412478,  3]
smbd/sesssetup.c:805(reply_spnego_negotiate)
  reply_spnego_negotiate: Got secblob of size 1483
[2010/05/12 09:14:34.433890,  3] libads/authdata.c:304(decode_pac_data)
  Found account name from PAC: WKAABC [Limited User]
[2010/05/12 09:14:34.434046,  3] smbd/sesssetup.c:338(reply_spnego_kerberos)
  Ticket name is [wka...@myrealm]
[2010/05/12 09:14:34.434550,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user MYDOMAIN\WKAABC
[2010/05/12 09:14:34.434609,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is mydomain\wkaabc
[2010/05/12 09:14:34.452351,  5] lib/username.c:85(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as given is MYDOMAIN\WKAABC
[2010/05/12 09:14:34.454281,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in mydomain\wkaabc
[2010/05/12 09:14:34.454428,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [MYDOMAIN\WKAABC]!
[2010/05/12 09:14:34.454492,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user WKAABC
[2010/05/12 09:14:34.454545,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is wkaabc
[2010/05/12 09:14:34.455095,  5] lib/username.c:85(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as given is WKAABC
[2010/05/12 09:14:34.455676,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in wkaabc
[2010/05/12 09:14:34.455746,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [WKAABC]!
[2010/05/12 09:14:34.456052,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username MYDOMAIN\WKAABC is invalid on this system
[2010/05/12 09:14:34.456164,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(459) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

log.winbindd
[2010/05/12 09:14:34.451314,  3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
  [17648]: request location of privileged pipe
[2010/05/12 09:14:34.452088,  2]
winbindd/winbindd.c:826(winbind_client_request_read)
  Could not read client request from fd 25: I/O error
[2010/05/12 09:14:34.452884,  3]
winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [17648]: request interface version
[2010/05/12 09:14:34.453144,  3]
winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir)
  [17648]: request location of privileged pipe
[2010/05/12 09:14:34.453926,  3]
winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send)
  getpwnam KAABC
[2010/05/12 09:14:34.453997,  5]
winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send)
  Could not parse domain user: KAABC
[2010/05/12 09:14:34.454088,  5]
winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv)
  Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER
[2010/05/12 09:14:34.454768,  3]
winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send)
  getpwnam
[2010/05/12 09:14:34.454828,  5]
winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send)
  Could not parse domain user:
[2010/05/12 09:14:34.454915,  5]
winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv)
  Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER
[2010/05/12 09:14:34.455334,  3]
winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send)
  getpwnam
[2010/05/12 09:14:34.455393,  5]
winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send)
  Could not parse domain user:
[2010/05/12 09:14:34.455487,  5]
winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv)
  Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER
[2010/05/12 09:14:34.507586,  3]
winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send)
  getpwnam kaabc
[2010/05/12 09:14:34.507655,  5]
winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send)
  Could not parse domain user: kaabc
[2010/05/12 09:14:34.507744,  5]
winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv)
  Could not convert sid S-0-0: NT_STATUS_INVALID_PARAMETER

smb.conf
[global]
        security = ADS
        realm = MYREALM
        password server = adc01,adc02,adc03,adc04

        workgroup = MYDOMAIN

        log level = 5

        idmap uid = 10000-100000
        idmap gid = 10000-100000

        local master = no
        domain master = no

[root-home]
        path = /root

Comment 1 Guenther Deschner 2010-05-27 05:46:41 UTC

Have you correctly configured the local system so that winbind users can actually be seen as local users (on linux that would be adding winbind to /etc/nsswitch.conf) ?

Comment 2 Klaus Kreuzwieser 2010-06-08 09:25:15 UTC

(In reply to comment #1)
> Have you correctly configured the local system so that winbind users can
> actually be seen as local users (on linux that would be adding winbind to
> /etc/nsswitch.conf) ?
> 

Yes - we have downgraded Samba to version 3.0.37 on our servers and everything works fine. So I don't think the problem can be related to any server environment settings.

On Samba 3.0.37 we see that winbindd receives the full user name MYDOMAIN\wkaabc, with version 3.5.2 it receives only kabc.

Please see this line of winbindd daemon log file:
winbindd/winbindd_getpwnam.c:68(winbindd_getpwnam_send)
  Could not parse domain user: KAABC

Comment 3 Björn Jacke 2018-03-27 20:17:10 UTC

this is either a long fixed bug or (more likely) some system misconfiguration. I have seem been no such problem with any recent samba release.