Until Samba 3.5 the struct netr_LogonSamLogon in Netlogon send the samr_RidWithAttributeArray correctly. Ex: groups: struct samr_RidWithAttributeArray count : 0x00000001 (1) rids : * rids: ARRAY(1) rids: struct samr_RidWithAttribute rid : 0x00001411 (5137) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) In Samba 3.6 I get this: groups: struct samr_RidWithAttributeArray count : 0x00000000 (0) rids : * rids: ARRAY(0) The problem is clear, but I don't know where look for this struct.
Is related with 8455 bug, but I have this (ldap nss): # id hu.scanner uid=9138(hu.scanner) gid=2068(HU_CICE) grupos=2068(HU_CICE) In auth/server_info.c, in function group_sids_to_info3: ... /* if it is the primary gid, skip it, we * obviously already have it */ if (info3->base.primary_gid == rid) continue; ... Is not obvious because I don't find where the group (HU_CICE) is added to struct netr_SamInfo3 info3 (Never?).
Created attachment 7382 [details] Patch to resolve problem with Netapp and Samba 3.6 This patch change source3/auth/server_info.c to let the primary group to be added to to struct netr_SamInfo3 info3 only once.
Comment on attachment 7382 [details] Patch to resolve problem with Netapp and Samba 3.6 If we add the primary anyway, then we can just remove the if statement...
The problem is with duplicated group (the primary group and one of the Posix groups are the same). In the example, "if" discard the primary group (HU_CICE) and the posix Groups (HU_CICE).
(In reply to comment #4) > The problem is with duplicated group (the primary group and one of the Posix > groups are the same). > In the example, "if" discard the primary group (HU_CICE) and the posix Groups > (HU_CICE). How would we every have the same sid twice in the array? And if so we have to fix the caller. Can you please paste the full info3 structure debug message from 3.5 and 3.6 (failing, with your patch and without the if statement) (so 4 versions in total).
struct netr_LogonSamLogon With Samba 3.2.15 netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0dac1397a71e2c18 timestamp : mar 06 mar 2012 19:21:49 CET CET validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : NTTIME(0) last_logoff : mar 19 ene 2038 04:14:07 CET CET acct_expiry : mar 19 ene 2038 04:14:07 CET CET last_password_change : lun 14 mar 2011 13:13:26 CET CET allow_password_change : lun 14 mar 2011 13:13:26 CET CET force_password_change : mar 19 ene 2038 04:14:07 CET CET account_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu.scanner' full_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu scanner' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0004 (4) size : 0x0004 (4) string : * string : 'H:' logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) rid : 0x00004b4c (19276) primary_gid : 0x00001411 (5137) groups: struct samr_RidWithAttributeArray count : 0x00000001 (1) rids : * rids: ARRAY(1) rids: struct samr_RidWithAttribute rid : 0x00001411 (5137) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 3c6a856fb8d71f7bb842b43594c92fc1 logon_server: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'DCICEHU01' domain: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'DMCICE' domain_sid : * domain_sid : S-1-5-21-998097060-2804534988-3572090833 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK
struct netr_LogonSamLogon With Samba 3.6.3 (Original) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : c84411eb2b836763 timestamp : mar mar 6 20:13:03 2012 CET validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : NTTIME(0) last_logoff : mar ene 19 04:14:07 2038 CET acct_expiry : mar ene 19 04:14:07 2038 CET last_password_change : lun mar 14 13:13:26 2011 CET allow_password_change : lun mar 14 13:13:26 2011 CET force_password_change : mar ene 19 04:14:07 2038 CET account_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu.scanner' full_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu scanner' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0004 (4) size : 0x0004 (4) string : * string : 'H:' logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) rid : 0x00004b4c (19276) primary_gid : 0x00001411 (5137) groups: struct samr_RidWithAttributeArray count : 0x00000000 (0) rids : * rids: ARRAY(0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : f4d77dab8a602cf40fc519c479f69956 logon_server: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'BDCHUE002' domain: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'JDA' domain_sid : * domain_sid : S-1-5-21-998097060-2804534988-3572090833 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK
struct netr_LogonSamLogon With Samba 3.6.3 (Patched) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 3eeabc978d73fdbe timestamp : mié mar 14 12:40:13 2012 CET validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : NTTIME(0) last_logoff : mar ene 19 04:14:07 2038 CET acct_expiry : mar ene 19 04:14:07 2038 CET last_password_change : lun mar 14 13:13:26 2011 CET allow_password_change : lun mar 14 13:13:26 2011 CET force_password_change : mar ene 19 04:14:07 2038 CET account_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu.scanner' full_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu scanner' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0004 (4) size : 0x0004 (4) string : * string : 'H:' logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) rid : 0x00004b4c (19276) primary_gid : 0x00001411 (5137) groups: struct samr_RidWithAttributeArray count : 0x00000001 (1) rids : * rids: ARRAY(1) rids: struct samr_RidWithAttribute rid : 0x00001411 (5137) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : ee5295ca7c7afb810fd1442c835a384c logon_server: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'BDCHUE002' domain: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'JDA' domain_sid : * domain_sid : S-1-5-21-998097060-2804534988-3572090833 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS 0: ACB_USE_AES_KEYS unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK
struct netr_LogonSamLogon With Samba 3.6.3 (Without IF) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : e6201e32df38bb23 timestamp : mié mar 14 13:10:23 2012 CET validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : NTTIME(0) last_logoff : mar ene 19 04:14:07 2038 CET acct_expiry : mar ene 19 04:14:07 2038 CET last_password_change : lun mar 14 13:13:26 2011 CET allow_password_change : lun mar 14 13:13:26 2011 CET force_password_change : mar ene 19 04:14:07 2038 CET account_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu.scanner' full_name: struct lsa_String length : 0x0014 (20) size : 0x0014 (20) string : * string : 'hu scanner' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' home_drive: struct lsa_String length : 0x0004 (4) size : 0x0004 (4) string : * string : 'H:' logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) rid : 0x00004b4c (19276) primary_gid : 0x00001411 (5137) groups: struct samr_RidWithAttributeArray count : 0x00000001 (1) rids : * rids: ARRAY(1) rids: struct samr_RidWithAttribute rid : 0x00001411 (5137) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : e98928b3ec01391499b3a167e28c7c9b logon_server: struct lsa_StringLarge length : 0x0012 (18) size : 0x0014 (20) string : * string : 'BDCHUE002' domain: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'JDA' domain_sid : * domain_sid : S-1-5-21-998097060-2804534988-3572090833 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0: ACB_NO_AUTH_DATA_REQD 0: ACB_PARTIAL_SECRETS_ACCOUNT 0: ACB_USE_AES_KEYS unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK
Ok and where is the problem with just removing the if statement?
Correct, there aren't problems. My checks said to me that the primary was processes twice. But I see now that this don't cause any different result.
Created attachment 7534 [details] Patch for 3.6.5
Comment on attachment 7534 [details] Patch for 3.6.5 I've pushed the patch to autobuild and will attach master commit here
Created attachment 7544 [details] Patch for v3-6-test
Comment on attachment 7544 [details] Patch for v3-6-test good.
Pushed to v3-6-test. Closing out bug report. Thanks!