Trying to connect to Samba with security=share (yes, I know it is deprecated, but the setting is still available) and using a username that is unknown to the server makes smbd crash Last logs: [2011/07/22 12:42:28.484570, 10, pid=20560] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [ambi] [2011/07/22 12:42:28.484638, 8, pid=20560] lib/util.c:1520(is_myname) is_myname("TERRA") returns 1 [2011/07/22 12:42:28.484714, 4, pid=20560] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/07/22 12:42:28.484796, 4, pid=20560] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/07/22 12:42:28.484865, 4, pid=20560] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/07/22 12:42:28.484933, 5, pid=20560] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2011/07/22 12:42:28.485001, 5, pid=20560] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/07/22 12:42:28.485488, 5, pid=20560] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_ambi [2011/07/22 12:42:28.485608, 4, pid=20560] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/07/22 12:42:28.485678, 3, pid=20560] auth/check_samsec.c:399(check_sam_security) check_sam_security: Couldn't find user 'ambi' in passdb. [2011/07/22 12:42:28.485749, 5, pid=20560] auth/auth.c:271(check_ntlm_password) check_ntlm_password: sam authentication for user [ambi] FAILED with error NT_STATUS_NO_SUCH_USER [2011/07/22 12:42:28.485852, 0, pid=20560] ../lib/util/debug.c:413(talloc_log_fn) auth/auth_server.c:281: Type mismatch: name[NULL] expected[struct server_security_state] [2011/07/22 12:42:28.485934, 0, pid=20560] lib/util.c:1110(smb_panic) smb_panic: clobber_region() last called from [tdbsam_getsampwnam(545)] [2011/07/22 12:42:28.486042, 0, pid=20560] lib/util.c:1116(smb_panic) PANIC (pid 20560): auth/auth_server.c:281: Type mismatch: name[NULL] expected[struct server_security_state] Backtrace: (gdb) bt #0 0x00007fd702d9a64e in waitpid () from /lib64/libc.so.6 #1 0x00007fd702d2d769 in do_system () from /lib64/libc.so.6 #2 0x00007fd705e1262b in smb_panic (why=0x7fd706f7e920 "auth/auth_server.c:281: Type mismatch: name[NULL] expected[struct server_security_state]") at lib/util.c:1122 #3 0x00007fd7036c1df9 in talloc_abort (reason=0x7fd706f7e920 "auth/auth_server.c:281: Type mismatch: name[NULL] expected[struct server_security_state]") at ../lib/talloc/talloc.c:320 #4 0x00007fd7036c3846 in talloc_abort_type_missmatch (location=0x7fd7063ebf6a "auth/auth_server.c:281", name=0x0, expected=0x7fd7063ebd25 "struct server_security_state") at ../lib/talloc/talloc.c:1192 #5 0x00007fd7036c3881 in _talloc_get_type_abort (ptr=0x0, name=0x7fd7063ebd25 "struct server_security_state", location=0x7fd7063ebf6a "auth/auth_server.c:281") at ../lib/talloc/talloc.c:1200 #6 0x00007fd705e860e2 in check_smbserver_security (auth_context=0x7fd706f9fa50, my_private_data=0x0, mem_ctx=0x7fd706f96a90, user_info=0x7fd706f88c40, server_info=0x7fd706f7faa8) at auth/auth_server.c:280 #7 0x00007fd705e81a08 in check_ntlm_password (auth_context=0x7fd706f9fa50, user_info=0x7fd706f88c40, server_info=0x7fd706f7faa8) at auth/auth.c:255 #8 0x00007fd705e93647 in auth_ntlmssp_check_password (ntlmssp_state=0x7fd706f8a4b0, mem_ctx=0x7fd706f80050, user_session_key=0x7fd706f80050, lm_session_key=0x7fd706f80060) at auth/auth_ntlmssp.c:146 #9 0x00007fd705b02361 in ntlmssp_server_auth (ntlmssp_state=0x7fd706f8a4b0, out_mem_ctx=0x7fd706f8a4b0, in=..., out=0x7fff87985660) at ../libcli/auth/ntlmssp_server.c:566 #10 0x00007fd705af0e10 in ntlmssp_update (ntlmssp_state=0x7fd706f8a4b0, input=..., out=0x7fff87985660) at libsmb/ntlmssp.c:269 #11 0x00007fd705af299b in auth_ntlmssp_update (ans=0x7fd706f7faa0, request=..., reply=0x7fff87985660) at libsmb/ntlmssp_wrap.c:154 #12 0x00007fd705a17078 in reply_spnego_auth (req=0x7fd706fa90d0, vuid=100, blob1=..., auth_ntlmssp_state=0x7fd706f93490) at smbd/sesssetup.c:799 #13 0x00007fd705a181b4 in reply_sesssetup_and_X_spnego (req=0x7fd706fa90d0) at smbd/sesssetup.c:1192 #14 0x00007fd705a1895b in reply_sesssetup_and_X (req=0x7fd706fa90d0) at smbd/sesssetup.c:1354 #15 0x00007fd705a68353 in switch_message (type=115 's', req=0x7fd706fa90d0, size=260) at smbd/process.c:1573 #16 0x00007fd705a68504 in construct_reply (sconn=0x7fd706f765d0, inbuf=0x0, size=260, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at smbd/process.c:1609 #17 0x00007fd705a6884a in process_smb (sconn=0x7fd706f765d0, inbuf=0x7fd706fa8f70 "", nread=260, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at smbd/process.c:1687 #18 0x00007fd705a6a02e in smbd_server_connection_read_handler (conn=0x7fd706f765d0, fd=25) at smbd/process.c:2307 #19 0x00007fd705a6a0a4 in smbd_server_connection_handler (ev=0x7fd706f76510, fde=0x7fd706f9a4f0, flags=1, private_data=0x7fd706f765d0) at smbd/process.c:2324 #20 0x00007fd705e25a56 in run_events_poll (ev=0x7fd706f76510, pollrtn=1, pfds=0x7fd706f968c0, num_pfds=2) at lib/events.c:282 #21 0x00007fd705a67812 in smbd_server_connection_loop_once (conn=0x7fd706f765d0) at smbd/process.c:1016 #22 0x00007fd705a6c913 in smbd_process (sconn=0x7fd706f765d0) at smbd/process.c:3153 #23 0x00007fd70624bd87 in smbd_accept_connection (ev=0x7fd706f76510, fde=0x7fd706f94e50, flags=1, private_data=0x7fd706f9b1b0) at smbd/server.c:505 #24 0x00007fd705e25a56 in run_events_poll (ev=0x7fd706f76510, pollrtn=1, pfds=0x7fd706f8f6e0, num_pfds=5) at lib/events.c:282 #25 0x00007fd705e25cf1 in s3_event_loop_once (ev=0x7fd706f76510, location=0x7fd70649001c "smbd/server.c:838") at lib/events.c:345 #26 0x00007fd705e26e2b in _tevent_loop_once (ev=0x7fd706f76510, location=0x7fd70649001c "smbd/server.c:838") at ../lib/tevent/tevent.c:494 #27 0x00007fd70624cad5 in smbd_parent_loop (parent=0x7fd706f8f770) at smbd/server.c:838 #28 0x00007fd70624db7c in main (argc=1, argv=0x7fff87986698) at smbd/server.c:1320
NB. This is with "security=server", not "security=share". Investigating.. Jeremy.
Ups, you are right my bad :( security=user works (reports NT_STATUS_LOGON_FAILURE), security=server crashes
One more question - does the user exist on the server that is acting as the "password server =" target, and if so did you log on using a valid password for that user, or does the user simply not exist on both Samba server and password server ? Jeremy.
I do not have a password server set. The user exists in /etc/passwd, but it was not added as Samba user. But the crash also happens when trying to connect as a user that is not in /etc/passwd. e.g. smbclient -U thisuserdoesnotexist%secret -L //localhost # cat lib/smb.conf [global] netbios name = TERRA workgroup = WORKGROUP security = server debug pid = yes debug level = 10 winbind max domain connections = 5 client NTLMv2 auth = yes max protocol= smb2 [data] path = /data [share] path = /data/ambi/share writeable = yes
I can't seem to reproduce this with a build from the latest v3-6-test - current top revision of bdc078a81e49bce3b51560a75984e0306c387573. Jeremy.
I can't reproduce this with either a smbclient or Windows7 client. Did you "make clean" before doing the build ? Jeremy.
Christian, can you arrange some time to work with me interactively on this over IRC please, as it 's a blocker for rc3. Jeremy.
Finally reproduced it ! Expect a patch shortly. Jeremy.
Created attachment 6712 [details] git-am fix for 3.6.0rc3. Fairly obvious patch I've already committed to master. Christian please review and test and I'll re-assign to Karolin once you've ok'ed it. Jeremy.
Comment on attachment 6712 [details] git-am fix for 3.6.0rc3. With the patch, the crash does no longer happen. However, I think the debug log might be misleading as there is no password server in the configuration, so which server is not connected? Or does it want to say that there is no password server in the config? But as this is a debug 10 log, users will usually not see it and the patch is good to go into 3-6-test
Re-assigning to Karolin for inclusion in 3.6.0rc3. Jeremy.
Pushed to v3-6-test. Closing out bug report. Thanks!
This is an issue for 3.5.x as well.
Created attachment 7327 [details] patch for v3-5-test
Re-assigning to Ambi for patch review.
Comment on attachment 7327 [details] patch for v3-5-test fixes the problem in v3-5-test
Karolin, please pick for 3.5.next
Pushed to v3-5-test. Closing out bug report. Thanks!