Bug 2751 - Could'n find service %u
Bug#: 2751 Product:  Samba 3.0 Version: 3.0.14a Platform: x86
OS/Version: Windows 2000 Status: NEW Severity: normal Priority: P1
Resolution:  Assigned To: samba-bugs@samba.org Reported By: tomas.polak@jaga.sk QA Contact: samba-qa@samba.org
Component: File Services Target Milestone: none
URL: 
Summary: Could'n find service %u
Keywords:  
Opened: 2005-05-29 23:19 CST
Description:   Opened: 2005-05-29 23:19 CST
Sorry, that I am not ideal bug reporter, bug try to make things clear.
All clients have same W2K SP4, with the same network settings. We have about 50 
clients using Samba server as PDC and files sharing via home shares.
I have upgraded from 3.0.8 to 3.0.14a on my Debian Linux server (Sarge). 
Immediately after that only some of my users registered tree types of errors:

1) Even I have "login drive = J:", their drive J disapear.
Via browsing networks is possible to connect this share manually a map them to 
wanted drive letter.

2) Unability to save Excel files to some directories. Excel display error and 
saved file under random name to the same shared directory. This file is 
possible to open but not save as.

3) Losing connection to shared home directory time by time.


There is interesting, that those errors appears only on some clients, others 
works fine. Even there probably must be some difference between them, I have 
not discovered any yet.

I have find an 3.0.7 debian package and after downgrade to this version all 
problems disapppears.

I'll try to add my samba.conf, smb.log and one-station detail log to this 
report.
I started the 3.0.14a daemon at 2005/05/23 12:24:34 and the 3.0.7 at 2005/05/25 
17:14:23.

If you will miss some informations, please feel free to ask.
Tomas Polak

------- Comment #1 From Tomas Polak 2005-05-29 23:22:07 CST -------
Created an attachment (id=1246) [details]
Samba daemon log file

------- Comment #2 From Tomas Polak 2005-05-29 23:22:58 CST -------
Created an attachment (id=1247) [details]
One client station log file

This is log from one of the problematic clients.

------- Comment #3 From Tomas Polak 2005-05-29 23:23:28 CST -------
Created an attachment (id=1248) [details]
Samba config file

------- Comment #4 From Gerald (Jerry) Carter 2005-08-23 07:26:13 CST -------
This is actually how it is supposed to work.  The %u
requires an active connection to a share, but the domain
logon happens outside any any given share.  So the %u is
not expanded when sent back the client in the NET_USER_INFO_3
structure (part of the samlogon reply). 

------- Comment #5 From Tomas Polak 2005-08-24 08:13:27 CST -------
Thank you for explanation, however this is not exactly I was hoped for.

I am using one Debian machine as file server and Samba PDC. I have more Debian 
servers in the net, so I can use another one as PDC but only this one as file 
server.
I need to have one mapped network share on each workstation pointing to logged 
user home directory. This home directory we keep read-only and have there many 
symlinks pointing to user-accesible places. Mapping of this share can be done 
automatically (as user logs in) or manually (as W2K auto-reconnected share map).

For many reasons I preffer using the latest Samba version, but currently (due 
this "supposed behavior") we must keep 3.0.7

Please, can you suggest me any workaround for my case?

Thanks a lot.
Tomas Polak

------- Comment #6 From Tim Boneko 2007-05-20 14:38:31 CST -------
(In reply to comment #5)
Hello Tomas,

i found this bug report when looking for solutions to a problem with my logon
path. (Found that indeed.)

Your problem looks like a configuration error. The group of user "katkav" could
not be found. What's written in the line of user "katkav" in /etc/passwd?
There's some error there or in /etc/group.

Feel free to email me under tim@boneko.de. 

  tim

Bug 6583 - Samba server ignores FILE_OPEN_FOR_BACKUP_INTENT
Bug#: 6583 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: Linux Status: NEW Severity: enhancement Priority: P2
Resolution:  Assigned To: jra@samba.org Reported By: sfrench@us.ibm.com QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: Samba server ignores FILE_OPEN_FOR_BACKUP_INTENT
Keywords:  
Opened: 2009-07-29 00:00 CST
Description:   Opened: 2009-07-29 00:00 CST
CreateOption: CREATE_OPEN_BACKUP_INTENT (0x00004000) is ignored by Samba server
on open (NTCreateX SMB), but Windows uses it to allow a privileged user to open
a file for which it does not have permission (without this flag the admin user
should get access denied trying to open the file).

------- Comment #1 From Jeremy Allison 2009-07-29 13:01:08 CST -------
Do you have a test case for this, or a use case to show how it is supposed to
work ?
Jeremy.

------- Comment #2 From Steve French 2009-07-29 13:42:45 CST -------
MS says FILE_OPEN_FOR_BACKUP_INTENT (SMB NTCreateX  CreateOption):

"The file is being opened or created for the purposes of either a backup or a
restore operation. Thus, the server may make appropriate checks to ensure that
the caller is capable of overriding whatever security checks have been placed
on the file to allow a backup or restore operation to occur."

Similar text is in the description of the local Windows open call.  Various
applications (not just backup/restore) e.g. Cygwin, set this flag in order to
allow a privileged user (Admin or backup operator) to access files which they
otherwise would not have permission to access - but only when this flag is set.

------- Comment #3 From Steve French 2009-07-29 13:47:36 CST -------
Created an attachment (id=4481) [details]
wireshark trace showing backup intent flag

Same user (Administrator) mounted to Windows 2003 Domain Controller.  Frame 5
shows the failure (without BACKUP_INTENT flag) and Frame 47 shows the same but
with BACKUP_INTENT flag succeeding.

This (with and without flag) was done by trivial modification to Linux cifs
client since the customer test case was large, complex

------- Comment #4 From Steve French 2009-07-29 13:49:24 CST -------
Created an attachment (id=4482) [details]
patch to force Linux cifs client to send FILE_OPEN_FOR_BACKUP_INTENT on SMB
NTCreateX

I tried backup intent flag by rebuilding cifs.ko (Linux client) with this
trivial patch.

------- Comment #5 From Steve French 2009-07-29 14:48:00 CST -------
Note that Samba 4 defines the flag with a different name:

and that currently Samba 4 torture test for the FindFirst version is the only
place where the flag seems to be used (in /torture/raw/search.c)

The defines for this flag, and the NO COMRPESSION option, are included in the
libcli/raw/smb.h for Samba 4 (and similarly in Linux cifs client, and in MS-SMB
doc):

#define NTCREATEX_OPTIONS_BACKUP_INTENT             0x4000
#define NTCREATEX_OPTIONS_NO_COMPRESSION            0x8000

There is a similar flag on FindFirst (see trans2.h)

------- Comment #6 From Steve French 2009-07-29 15:05:24 CST -------
Created an attachment (id=4483) [details]
Adds into smb.h the definitions for all missing create options

------- Comment #7 From Volker Lendecke 2009-08-21 09:37:34 CST -------
Pushed the patch, but the feature needs much more discussion.

Volker

------- Comment #8 From Steve French 2009-09-17 20:47:24 CST -------
FYI - I also had forwarded a Win32 test case for this earlier in the summer to
jra - any update?

------- Comment #9 From Steve French 2009-10-02 15:16:51 CST -------
Per-jra discussion - make blocker for 3.5.

Biggest obstacle now is getting a good smb-torture case for this, and related
ACL (raw/acls.c is too narrow) and deal with the foreign sid issue in
constructing a repeatable test case (repeatable test case needed obviously for
build verification and future functional testing, and so we don't regress ACLs
in the future or across different ACL backends).

------- Comment #10 From Jeremy Allison 2010-01-25 11:46:37 CST -------
Re-prioritizing to enhancement as this isn't going to make the 3.5.0 release.
Jeremy.

------- Comment #11 From Michael Reissner 2010-02-26 13:47:34 CST -------
Created an attachment (id=5428) [details]
Create a file on a remote share with an empty ACL, then try to open it with
FILE_FLAG_BACKUP_SEMANTICS.

To use this test, run
  BackupIntentTest.exe your_config.txt

where your_config.txt looks like:
server=YOUR_SERVER
share=YOUR_SHARE
user_1=USER@YOUR.DOMAIN
pswd_1=USER1PSWD
priv_user=USER_W_BACKUP_PRIVS@YOUR.DOMIN
priv_pswd=PRIVPSWD

It creates the file as user_1, with an empty ACL.  Then, it tries to open the
file as the user that's running the test: this should not be allowed.  It
finally impersonates the privileged user, with the Backup privilege enabled,
and opens the file for reading with the FILE_FLAG_BACKUP_SEMANTICS flag, which
should be allowed.

------- Comment #12 From Jeremy Allison 2010-02-26 19:15:07 CST -------
Great ! Thanks a lot. I'll take a look at implementing this for 3.5.1.

Jeremy.

------- Comment #13 From Karolin Seeger 2010-05-20 02:52:44 CST -------
Updating product.

Bug 2064 - Problem on Windows 98 machines opening a list of users and groups from Samba/LDAP domain
Bug#: 2064 Product:  Samba 3.0 Version: 3.0.12 Platform: x86
OS/Version: Windows 98 Status: NEW Severity: major Priority: P2
Resolution:  Assigned To: samba-bugs@samba.org Reported By: sergio@procempa.com.br QA Contact: samba-qa@samba.org
Component: User/Group Accounts Target Milestone: none
URL: 
Summary: Problem on Windows 98 machines opening a list of users and groups from Samba/LDAP domain
Keywords:  
Opened: 2004-11-18 12:55 CST
Description:   Opened: 2004-11-18 12:55 CST
when I try to share a directory on a Windows 98 workstation, I can't open a
users/groups list from Samba/LDAP 3.0.8 domain at the share dialog box. My
domain contains about 180 groups and 480 users. I think this is too large,
because when I try to do the same process using a Samba/LDAP 3.0.8 domain with a
short list of users/groups, everything works fine.
Analyzing with ethereal, I saw the server stopped sending information after a
few packets (2 or 3). The last packet seemed to be truncated. The tcpdump files
are available under request, in case they could be useful.

------- Comment #1 From Gerald (Jerry) Carter 2004-11-24 10:19:11 CST -------
*** Bug 2066 has been marked as a duplicate of this bug. ***

------- Comment #2 From Gerald (Jerry) Carter 2005-02-07 13:24:47 CST -------
please test 3.0.11 and reopen if this is not fixed.

------- Comment #3 From Sergio Roberto Claser 2005-03-03 07:52:16 CST -------
Jerry, the problem still remains.

------- Comment #4 From Sergio Roberto Claser 2005-03-14 05:50:55 CST -------
Jerry, the problem seems to be the same as that of BUG 1604. There is a lack of
sequence of the packages.

------- Comment #5 From Gerald (Jerry) Carter 2005-03-14 08:36:16 CST -------
so since BUG 1604 has been fixed in 3.0.12rc1, is this bug 
fixed then as well ?  I cannot reproduce any failures against
3.0.13pre1-SVN-build-5786 (basically the same as 3.0.12rc1).

------- Comment #6 From Sergio Roberto Claser 2005-03-14 11:42:21 CST -------
No, I tested 3.0.12PRE1 with Volker's patch for BUG 1604 and the Windows98
still
can't open a large users/groups list. When the list of users/groups fits in an
only package (1500 bytes), the list appears. But when more than one package is
necessary, it doesn't. I only want to compare the problem with BUG 1604, since
they are similar in the way that they do not follow the sequence of the initial
package. The package is repeated some times and stops.

------- Comment #7 From Gerald (Jerry) Carter 2005-03-14 12:14:15 CST -------
ok.  I understand now.  That's a big help.  Thanks.

Bug 2230 - windows dos command dir doesn't work correct with lower case german special chars
Bug#: 2230 Product:  Samba 3.0 Version: 3.0.10 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: ab@samba.org Reported By: Markus.Megerlin@eilebrecht.de QA Contact: samba-qa@samba.org
Component: Extended Characters Target Milestone: none
URL: 
Summary: windows dos command dir doesn't work correct with lower case german special chars
Keywords:  
Opened: 2005-01-10 06:58 CST
Description:   Opened: 2005-01-10 06:58 CST
If you create a file in dos commandshell e.g. "touch äö.txt" and try to list
it 
up with an "dir ä*.txt" it doesn't appear. 
This worked with samba2 without any problems. 
This error occurs only in the commandshell of windows.
The special chars are displayed correctly and a "dir *.*" shows the 
file "äö.txt".

Bug 2544 - winpopup messages with euro sign truncated
Bug#: 2544 Product:  Samba 3.0 Version: 3.0.9 Platform: x86
OS/Version: Linux Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: ab@samba.org Reported By: gerdfleischer@web.de QA Contact: samba-qa@samba.org
Component: Extended Characters Target Milestone: none
URL: 
Summary: winpopup messages with euro sign truncated
Keywords:  
Opened: 2005-03-24 02:59 CST
Description:   Opened: 2005-03-24 02:59 CST
When I send winpopup messages from samba to samba they get truncated if they
contain a euro sign right before it. (UTF-8 env.)

Bug 3501 - problem with some characters (����) in filename
Bug#: 3501 Product:  Samba 3.0 Version: 3.0.21b Platform: x86
OS/Version: Windows 2000 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: ab@samba.org Reported By: dieter.ferdinand@gmx.de QA Contact: samba-qa@samba.org
Component: Extended Characters Target Milestone: none
URL: 
Summary: problem with some characters (����) in filename
Keywords:  
Opened: 2006-02-12 05:05 CST
Description:   Opened: 2006-02-12 05:05 CST
hello,
i have problems with the character conversion and i use linux.

i must set characterset to cp450 for dos and unix, so that the characters ����
are the same on unix and windows.

but i can't open a file with this characters in the filename.

i check the transfered data with ethereal and in both direction the characters
are send with the same ascii-codes.

i think, there is a bug in the translation for the filenames, which samba
receive.

with other settings, i get anreadable charachters in filenames or for all this
characters an underline.

only if i use for unix a character set, which generate two charaters for one, i
can open the files from windows-client, but then i have unreadable charaters
under unix.

goodby

------- Comment #1 From Alexander Bokovoy 2007-05-22 06:08:38 CST -------
Please re-test with 3.0.25, is it reproduceable?

Bug 4869 - Printer Listing fails if printcap file has 16+ characters
Bug#: 4869 Product:  Samba 3.0 Version: 3.0.25b Platform: x64
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: ab@samba.org Reported By: bootsy52@gmx.net QA Contact: samba-qa@samba.org
Component: Extended Characters Target Milestone: none
URL: 
Summary: Printer Listing fails if printcap file has 16+ characters
Keywords:  
Opened: 2007-08-08 12:20 CST
Description:   Opened: 2007-08-08 12:20 CST
If the printcap entry (generated by CUPS) has more then 16 characters you won't
get any printer listing in samba, if you do not have set the printing parameter 

If you set 

printing = CUPS

it works, however if you set 

printing = CUPS
printcap = cups

it does work not. If your printer Alias has no whitespaces, the first column of
/etc/printcap works with more then 16+ characters however, then the second
colun is limited to 16 characters.

From what I found on the net M$ has a Limitation on Printer Names when printing
using the unix lpr service, however this is Printer Share and *not* Microsofts
lpr service.

Below are the results I tracked down ( I have just tested this with only 1
printer listed in /etc/printcap)

/etc/printcap

WORKS

PrinterSomethin|HP DeskJet
970C:rm=hauptserver.some-domain.local:rp=PrinterSomethin:

Printer123Somethin|HP-DeskJet-970C:rm=hauptserver.some-domain.local:rp=Printer123Somethin:

WORKS NOT

PrinterSomething|HP DeskJet
970C:rm=hauptserver.some-domain.local:rp=PrinterSomething:

PrinterSomethin|HP-DeskJet-970CA:rm=hauptserver.some-domain.local:rp=PrinterSomethin:

Additionally you find this in the logs

[2007/08/08 19:02:59, 1] smbd/ipc.c:api_fd_reply(290)
  api_fd_reply: INVALID PIPE HANDLE: 76de

So if you decide that this is not Bug, then the documentation of smb.conf(5)
has to be updated to reflect this limitation.

------- Comment #1 From Carsten Menke 2007-08-08 12:24:37 CST -------
Sorry the last testcase should have read

PrinterSomething|HP-DeskJet-970CA:rm=hauptserver.some-domain.local:rp=PrinterSomething:

(Note the 'g')

Bug 2210 - Some NT_STATUS_* errors don't have mapped PAM errors
Bug#: 2210 Product:  Samba 3.0 Version: 3.0.12 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: narayana.pattipati@wipro.com QA Contact: 
Component: File Services Target Milestone: none
URL: 
Summary: Some NT_STATUS_* errors don't have mapped PAM errors
Keywords:  
Opened: 2005-01-05 06:58 CST
Description:   Opened: 2005-01-05 06:58 CST
Error messages like NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION
does not have mapped PAM errors. So, when an application receives them, the PAM 
error will be "4", which is PAM_SYS_ERROR. 

So, the end user will not know what went wrong even though pam_winbind returns 
errors like "account disabled", "password restriction" etc. 

These errors should be mapped to known PAM errors, so that applications can
interpret them in a better way and convey the same to end user.

------- Comment #1 From Narayana Pattipati 2005-01-05 07:22:58 CST -------
Created an attachment (id=877) [details]
Patch to map some NT_STATUS_* errors to PAM errors

------- Comment #2 From Narayana Pattipati 2005-01-05 07:23:53 CST -------
The patch attached above was discussed in samba-technical mailing list @
http://lists.samba.org/archive/samba-technical/2004-December/038398.html

------- Comment #3 From Gerald (Jerry) Carter 2005-03-21 19:42:39 CST -------
moving back to 3.0

Bug 4930 - Server Manager: Usage Summary and "In Use" not implemented
Bug#: 4930 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: abartlet@samba.org
Component: DCE-RPCs and pipes Target Milestone: ---
URL: 
Summary: Server Manager: Usage Summary and "In Use" not implemented
Keywords:  
Opened: 2007-08-29 14:16 CST
Description:   Opened: 2007-08-29 14:16 CST
Under Computer/Properties...

------- Comment #1 From Matthias Dieter Wallnöfer 2007-09-04 15:24:20 CST -------
*** Bug 4933 has been marked as a duplicate of this bug. ***

------- Comment #2 From Matthias Dieter Wallnöfer 2007-09-04 15:27:57 CST -------
Now, after analysing the cause of the problem: in fact it is the missing
implementation in dcesrv_srvsvc_NetFileEnum case 3. We need to bring this up.

Bug 4931 - Server Manager: "Users" not implemented
Bug#: 4931 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: abartlet@samba.org
Component: DCE-RPCs and pipes Target Milestone: ---
URL: 
Summary: Server Manager: "Users" not implemented
Keywords:  
Opened: 2007-08-29 14:17 CST
Description:   Opened: 2007-08-29 14:17 CST
Under Computer/Properties

------- Comment #1 From Matthias Dieter Wallnöfer 2007-09-04 15:28:33 CST -------
Now, after analysing the cause of the problem: in fact it is the missing
implementation in dcesrv_srvsvc_NetSessEnum case 1. We need to bring this up.

Bug 4932 - Server Manager: "Connected Users" not implemented
Bug#: 4932 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: abartlet@samba.org
Component: DCE-RPCs and pipes Target Milestone: ---
URL: 
Summary: Server Manager: "Connected Users" not implemented
Keywords:  
Opened: 2007-08-29 14:19 CST
Description:   Opened: 2007-08-29 14:19 CST
Under Computer/Properties/Shares

------- Comment #1 From Matthias Dieter Wallnöfer 2007-09-04 15:29:19 CST -------
Now, after analysing the cause of the problem: in fact it is the missing
implementation in dcesrv_srvsvc_NetConnEnum case 1. We need to bring this up.

Bug 4936 - Server Manager: "Send Message" not implemented
Bug#: 4936 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: abartlet@samba.org
Component: DCE-RPCs and pipes Target Milestone: ---
URL: 
Summary: Server Manager: "Send Message" not implemented
Keywords:  
Opened: 2007-08-29 14:24 CST
Description:   Opened: 2007-08-29 14:24 CST
Under Computer

------- Comment #1 From Matthias Dieter Wallnöfer 2007-09-04 15:31:54 CST -------
Now, after analysing the cause of the problem: in fact it is the missing
implementation in dcesrv_srvsvc_NetSessEnum case 0. We need to bring this up.

------- Comment #2 From Matthias Dieter Wallnöfer 2008-01-07 15:25:47 CST -------
Andrew, have you checked this one?

Bug 4938 - Feature request: Services management over RPCs
Bug#: 4938 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: abartlet@samba.org
Component: DCE-RPCs and pipes Target Milestone: ---
URL: 
Summary: Feature request: Services management over RPCs
Keywords:  
Opened: 2007-08-29 14:35 CST
Description:   Opened: 2007-08-29 14:35 CST
At some point I would also integrate the possibility to manage the UNIX
services with the Windows tools (similar to SAMBA 3).

Bug 5213 - Threads: Avoid gethostbyname()
Bug#: 5213 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: jelmer@samba.org QA Contact: abartlet@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Threads: Avoid gethostbyname()
Keywords:  
Opened: 2008-01-19 11:01 CST
Description:   Opened: 2008-01-19 11:01 CST
We still use the thread-unsafe gethostbyname() function in several places. We
should be using 
gethostbyname_r or getaddrinfo() instead.

lib/replace/getaddrinfo.c:      return
canon_name_from_hostent(gethostbyname(name), perr);
lib/replace/getaddrinfo.c:      hp = gethostbyname(node);
lib/socket/socket_ip.c: he = gethostbyname2(name, PF_INET6);
lib/util/system.c:              return(gethostbyname(name));
lib/util/system.c:              return(gethostbyname(name));
lib/util/system.c:              return(gethostbyname(name));
lib/util/system.c:      return(gethostbyname(query));
lib/util/system.c:      return(gethostbyname(name));

Bug 5214 - Threads: Avoid gethostbyaddr()
Bug#: 5214 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: jelmer@samba.org QA Contact: abartlet@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Threads: Avoid gethostbyaddr()
Keywords:  
Opened: 2008-01-19 11:03 CST
Description:   Opened: 2008-01-19 11:03 CST
We still use the thread-unsafe gethostbyaddr():

lib/socket/socket_ip.c: he = gethostbyaddr((char *)&peer_addr.sin_addr,
sizeof(peer_addr.sin_addr), AF_INET);
lib/socket/socket_ip.c: he = gethostbyaddr((char *)&peer_addr.sin6_addr,
sizeof(peer_addr.sin6_addr), AF_INET6)

Instead, we should be using getnaemeinfo() or gethostbyaddr_r().

Bug 5215 - Threads: Avoid inet_ntoa()
Bug#: 5215 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: jelmer@samba.org QA Contact: abartlet@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Threads: Avoid inet_ntoa()
Keywords:  
Opened: 2008-01-19 11:07 CST
Description:   Opened: 2008-01-19 11:07 CST
We still use the thread-unsafe inet_ntoa() in a couple of places.

Instead, we should be using the getnameinfo() call.

Bug 5917 - Samba does not work on site with Read Only Domain Controller
Bug#: 5917 Product:  Samba 3.0 Version: 3.0.32 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: yen.liew@centrify.com QA Contact: samba-qa@samba.org
Component: net utility Target Milestone: none
URL: 
Summary: Samba does not work on site with Read Only Domain Controller
Keywords:  
Opened: 2008-11-24 03:59 CST
Description:   Opened: 2008-11-24 03:59 CST
There are 2 issues when Samba server runs on site with Read Only Domain
Controller : 

Issue 1 
--------
  1) When run  "net ads join -U administrator" , error 
    "Failed to join domain: NT_STATUS_NOT_SUPPORTED" is returned.  
  2) And when joining to same domain using Windows XP located in the same site, 
     XP can join to domain successfully. 

  So, to workaround this join problem, I have to remove gencache.tdb, and add
password server="writable DC"  to smb.conf.    

Issue 2
-------
  So, after the computer join domain successfully,  and wait until the computer
object in AD is replicated to the Read Only Site. 
  Then, I removed the password server="writable DC".  
  --> And, attempted to list share directory as AD user, always failed with 
NT_STATUS_NO_TRUST_SAM_ACCOUNT: 
    smbclient -U <ad user>\\<NTLM Domain> -L localhost

------- Comment #1 From Yen Liew 2008-11-24 04:08:42 CST -------
Created an attachment (id=3756) [details]
smb.conf 

------- Comment #2 From Yen Liew 2008-11-24 04:10:16 CST -------
Created an attachment (id=3757) [details]
logfile when run smbclient -U aduser -L localhost 

------- Comment #3 From Yen Liew 2008-11-24 04:13:28 CST -------
Created an attachment (id=3758) [details]
Output when run net ads join to domain from RODC site 

------- Comment #4 From Stefan (metze) Metzmacher 2008-11-24 04:17:11 CST -------
Could you please provide network captures of wireshark or tcpdump -s 0
of the windows xp box joining + a logon of a user and maybe a password change.

And also network captures of the failing net ads join and smbclient commands.

------- Comment #5 From Yen Liew 2008-11-24 04:29:03 CST -------
Created an attachment (id=3759) [details]
Network trace when run smbclient  

see pkt 36, when the machine trying to authenticate itself using
NetrServerAuthenticate2, the RODC return with error NO_TRUST_SAM_ACCOUNT.

------- Comment #6 From Yen Liew 2008-11-24 04:56:01 CST -------
Created an attachment (id=3760) [details]
network trace when run ads join 

didn't set password server to writable DC in the smb.conf . 
Run "net ads join -U administrator" 

------- Comment #7 From Yen Liew 2008-11-24 05:54:50 CST -------
Created an attachment (id=3761) [details]
network trace  when XP (located in RODC Site) join to domain 

RODC IP : 192.168.0.113
XP IP : 192.168.3.242

------- Comment #8 From Yen Liew 2008-11-24 05:57:20 CST -------
Created an attachment (id=3762) [details]
Network trace for AD user login to XP in RODC site, right after XP join to
domain

note that :The XP computer object has not yet been replicated to the RODC.

------- Comment #9 From Yen Liew 2008-11-24 05:58:38 CST -------
Hi metze, the requested network traces are attached in comment#7 and comment#8

Bug 6213 - Feature request: Log rotation mechanism
Bug#: 6213 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Feature request: Log rotation mechanism
Keywords:  
Opened: 2009-03-25 06:55 CST
Description:   Opened: 2009-03-25 06:55 CST
Samba3 and previous version had this cool feature that allow file rotating by
moving the current log and sending an HUP signal to smbd father process.

With Samba4 this doesn't work anymore. After moving the file and sending a HUP
signal to the samba father process old log are still written.

After some investigation, it appears that schedule_logs_reopen is called by the
process upon the reception of the HUP signal. But the reopening of the log will
only occur on the next time this process will write to the log (which can be
quite long on a lightly used setup) and others samba process do not update the
file descriptor of the log file.

A workaround for this problem is to send a HUP signal to all samba program.
Once all the samba process have received the HUP then file log is reopen.

------- Comment #1 From Andrew Bartlett 2009-03-26 16:46:50 CST -------
Samba4 likes to avoid using signals as a communication mechanism - they have
too many nasty side-effects.  We could allow this (for backward compatability),
but the modern approach would be to have a utility like Samba3's smbcontrol
send a message asking to rotate logs.

------- Comment #2 From Matthias Dieter Wallnöfer 2009-06-19 15:21:36 CST -------
So what should we do with this bug?

------- Comment #3 From Matthias Dieter Wallnöfer 2010-02-13 13:11:55 CST -------
I change this bug into a feature request since it's not really a bug. ekacnet,
as far as I see, you want simply to have a comfortable mechanism to do a
logfile rotation.

------- Comment #4 From Matthias Dieter Wallnöfer 2010-11-21 03:58:05 CST -------
Ekacnet, do you still need this?

------- Comment #5 From Matthieu Patou 2010-11-21 04:31:30 CST -------
Of course and if not me someone will need it (distros, for instance) the idea
of a sambacontrol like is a good way to achieve this 

------- Comment #6 From Andrew Bartlett 2010-11-21 04:37:54 CST -------
It is my intention to retain this facility from the s3 debug system if/when I
get a chance to merge the remainder of the debug systems.

------- Comment #7 From Matthieu Patou 2010-11-21 05:20:27 CST -------
And I think it's a good idea, of course so far I managed to do it in another
way but we definitely need this feature please do not close this request.

Bug 6358 - Thread-safety for s4 in 'master'
Bug#: 6358 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: derrell.lipman@unwireduniverse.com QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Thread-safety for s4 in 'master'
Keywords:  
Opened: 2009-05-14 09:59 CST
Description:   Opened: 2009-05-14 09:59 CST
To allow tracking the multitude of thread-safety potential issues, I've created
a wiki page with a checklist that we can slowly work through to help ensure
we've caught all of the gotchas in converting to a thread-safe core and
libsmbclient. See http://wiki.samba.org/index.php/Franky/Threadsafe_checklist

------- Comment #1 From Matthias Dieter Wallnöfer 2010-01-09 10:43:17 CST -------
We have two nearly identical bugs for the same issue: Thread safety regarding
s4. Therefore I merge both reports in one.

------- Comment #2 From Matthias Dieter Wallnöfer 2010-01-09 10:43:52 CST -------
*** Bug 5211 has been marked as a duplicate of this bug. ***

------- Comment #3 From Matthias Dieter Wallnöfer 2010-09-12 04:52:39 CST -------
*** Bug 7655 has been marked as a duplicate of this bug. ***

Bug 6600 - Tracking bug for SAMBA 4 Beta
Bug#: 6600 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Tracking bug for SAMBA 4 Beta
Keywords:  
Opened: 2009-08-03 03:25 CST
Description:   Opened: 2009-08-03 03:25 CST
This is the tracking bug which has to be satisfied for the first beta release
of SAMBA 4.

------- Comment #1 From Matthias Dieter Wallnöfer 2009-09-25 05:36:39 CST -------
Sadly we have to add some more blockers. Many thanks to ekacnet for finding the
most part of them.

Bug 6613 - Feature request: Inherit GPO settings
Bug#: 6613 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mdw@samba.org QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: Feature request: Inherit GPO settings
Keywords:  
Opened: 2009-08-06 02:22 CST
Description:   Opened: 2009-08-06 02:22 CST
At some stage we need some support for GPOs which should be applied by a SAMBA
4 DC/Member server.
I saw there was a start for a library in one of Jelmer's repos ("libpolicy") or
the "libgpo" in the master branch.

Bug 7143 - Feature request: Readability of backtraces
Bug#: 7143 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: jht@samba.org QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: Feature request: Readability of backtraces
Keywords:  
Opened: 2010-02-16 21:34 CST
Description:   Opened: 2010-02-16 21:34 CST
You can also file a bug for the fact that the backtraces are so hard to read
(with %s stuff in the exception). 

Then, 'wbclient -u' - which failed to connect.  The error log show:

[Mon Feb 15 23:06:07 2010 CST, 0 nbt_server/irpc.c:125:nbtd_getdcname()]
nbtd_getdcname called
[Mon Feb 15 23:06:07 2010 CST, 0
librpc/rpc/dcerpc_util.c:625:dcerpc_pipe_auth_recv()]
Failed to bind to uuid 12345678-1234-abcd-ef00-01234567cffb -
NT_STATUS_UNSUCCESSFUL
[Mon Feb 15 23:06:07 2010 CST, 0
lib/cmdline/popt_common.c:58:popt_s4_talloc_log_fn()]
talloc: double free error - first free may be at
winbind/wb_samba3_protocol.c:316
[Mon Feb 15 23:06:07 2010 CST, 0
lib/cmdline/popt_common.c:58:popt_s4_talloc_log_fn()]
Bad talloc magic value - double free
[Mon Feb 15 23:06:07 2010 CST, 0 ../lib/util/fault.c:143:smb_panic()]
PANIC: Bad talloc magic value - double free
[Mon Feb 15 23:06:07 2010 CST, 0 ../lib/util/fault.c:62:call_backtrace()]
BACKTRACE: 33 stack frames:
 #0 samba(call_backtrace+0x1f) [0xe3710b]
 #1 samba(smb_panic+0x212) [0xe373d5]
 #2 samba [0xe519cd]
 #3 samba [0xe51a49]
 #4 samba [0xe51ac6]
 #5 samba [0xe51d25]
 #6 samba(talloc_vasprintf+0x7f) [0xe545d7]
 #7 samba(talloc_asprintf+0xcc) [0xe5471a]
 #8 samba [0x6f4919]
 #9 samba(_tevent_req_notify_callback+0x38) [0xe58be1]
 #10 samba [0xe58c13]
 #11 samba(_tevent_req_done+0x25) [0xe58c3a]
 #12 samba [0x803b03]
 #13 samba(_tevent_req_notify_callback+0x38) [0xe58be1]
 #14 samba [0xe58c13]
 #15 samba(_tevent_req_done+0x25) [0xe58c3a]
 #16 samba [0xb6c23d]
 #17 samba(_tevent_req_notify_callback+0x38) [0xe58be1]
 #18 samba [0xe58c13]
 #19 samba [0xe58d0c]
 #20 samba(tevent_common_loop_immediate+0x1f9) [0xe57804]
 #21 samba [0xe5a6c9]
 #22 samba(_tevent_loop_once+0xe8) [0xe55e94]
 #23 samba(tevent_common_loop_wait+0x25) [0xe560d1]
 #24 samba(_tevent_loop_wait+0x2b) [0xe5619c]

------- Comment #1 From Andrew Bartlett 2010-02-16 21:47:42 CST -------
I actually meant the python backtraces from the exceptions in provision, but
anyway...

------- Comment #2 From Matthias Dieter Wallnöfer 2010-02-17 12:31:26 CST -------
Marking as "feature request"

Bug 7185 - Feature request: Smaller LDB files - especially on >= 1000 objects
Bug#: 7185 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: Feature request: Smaller LDB files - especially on >= 1000 objects
Keywords:  
Opened: 2010-02-25 14:20 CST
Description:   Opened: 2010-02-25 14:20 CST
A test with a 10 Mbytes LDIF import of 17000+ contacts yield a 300 Mbytes users
partition file (DC=foo,DC=bar) (after ldbbackup otherwise the size is even
bigger).
Part of the size is due to overduplication of SecurityDescriptor that accounts
for 20% of the size (I made the calculation by coping the file and then
removing the SD with a script), 
Gain can be done by doing as Windows (storing only different SD and having an
link as explained at:
http://technet.microsoft.com/en-us/library/cc772829%28WS.10%29.aspx, The SD
Table contains data that represents inherited security descriptors for each
object. With the introduction of the SD table in Windows Server 2003, inherited
security descriptors no longer have to be duplicated on each object that
inherits security descriptors. Instead, inherited security descriptors are
stored in the SD table and linked to the appropriate objects).
But clearly some big optimization have to be done somewhere else as we are
mapping the whole database in memory which means that ~300/400 MB will be used
for ~ 20 000 object shop.

For the same volume the whole Windows database (configuration and schema and
users) use 65MB.

------- Comment #1 From Matthias Dieter Wallnöfer 2010-02-25 16:11:29 CST -------
Well ekacnet, I think this is not really a bug but a feature request. I'm
marking it like this.

------- Comment #2 From Matthieu Patou 2010-02-26 02:35:31 CST -------
Mathias,
I don't think it's only a feature request. 20 000 real objects is not so much.
If you think that now when an object is deleted it is not really deleted but
moved and kept x months (6 if I recall) a medium company might face the pb
quite quickly or a least require much more memory than what we use to require
for running samba.

------- Comment #3 From Matthias Dieter Wallnöfer 2010-02-26 07:21:48 CST -------
But it's not a real bug either. I will mark the problem with a higher severity.

Bug 7322 - GPMC: unable to link an existing gpo on a site
Bug#: 7322 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: GPMC: unable to link an existing gpo on a site
Keywords:  
Opened: 2010-04-03 05:21 CST
Description:   Opened: 2010-04-03 05:21 CST
In gpmc, click on sites, then show sites and select existing sites (at least
Default First-Site-Name).

Right click on it, the option "link an existing GPO is not existing".

------- Comment #1 From Matthias Dieter Wallnöfer 2010-10-05 15:54:22 CST -------
Still an issue?

Bug 7540 - Windows w2k8 is not able to register SRV records when it's able to register A record
Bug#: 7540 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: Windows w2k8 is not able to register SRV records when it's able to register A record
Keywords:  
Opened: 2010-07-01 03:04 CST
Description:   Opened: 2010-07-01 03:04 CST
I keep receiving errors about the windows server not able to register the SRV
record: _VLMCS._TCP.domain.

Registering A and PTR record is ok, I guess this is due to the fact the updates
rules authorize only a workstation to update its own A and AAAA record.

In theory we could had a rule to allow any authenticated tier to register a SRV
record but it's major security threat as anyone could then register
_msdcs.domain records (ie the one used for locating dcs ...).

Bug 7605 - Kerberos: Principal may not act as server ERROR
Bug#: 7605 Product:  Samba 4.0 Version: unspecified Platform: x64
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: ajay.aggarwal@stratus.com QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: Kerberos: Principal may not act as server ERROR
Keywords:  
Opened: 2010-08-05 10:48 CST
Description:   Opened: 2010-08-05 10:48 CST
We are running samba4 (alpha12) on a centos 5.4  machine and are experimenting
with Hyper-V 2008 R2 Failover Clustering, which requires Active Directory. We
are trying to see if samba-4 will work as the AD server. We  are building a 2
node failover cluster. Both nodes seem to have joined the domain successfully
(with samba-4 as the DC). But subsequent steps of creating the "Failover
Cluster" are failing and we see following errors in samba log. 


------- Errors at the time we try to create 1008 R2 failover clusrter ------
Kerberos: TGS-REQ administrator@SAMBALIME.STRATUS.COM from
ipv4:10.90.0.87:49614 for Administrator@SAMBALIME.STRATUS.COM [canonicalize,
renewable, forwardable]
Kerberos: Principal may not act as server --
Administrator@SAMBALIME.STRATUS.COM
Kerberos: Failed building TGS-REP to ipv4:10.90.0.87:49614
Terminating connection - 'kdc_tcp_call_loop:tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()-
NT_STATUS_CONNECTION_DISCONNECTED]

Bug 7606 - Kerberos: UNKNOWN -- no such entry found in hdb
Bug#: 7606 Product:  Samba 4.0 Version: unspecified Platform: x64
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: ajay.aggarwal@stratus.com QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: Kerberos: UNKNOWN -- no such entry found in hdb
Keywords:  
Opened: 2010-08-05 10:54 CST
Description:   Opened: 2010-08-05 10:54 CST
We are running samba4 (alpha12) on a centos 5.4  machine and are experimenting
with Hyper-V 2008 R2 Failover Clustering, which requires Active Directory. We
are trying to see if samba-4 will work as the AD server. We  are building a 2
node failover cluster. Both nodes seem to have joined the domain successfully
(with samba-4 as the DC). But subsequent steps of creating the "Failover
Cluster" are failing and periodically we see following errors in the samba log:

(Note that node0-lime record seems to have correct dnsHostName set in the
database.)

----- errors from samba log --------------
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl:
insufficient access rights (50)
added interface ip=10.90.0.71 nmask=255.255.255.0 
ldb_wrap open of sam.ldb 
Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in module acl:
insufficient access rights (50)
ipv4:10.90.0.88:49232 closed connection to service IPC$


Kerberos: AS-REQ host/node0-lime.sambalime.stratus.com@SAMBALIME.STRATUS.COM
from ipv4:10.90.0.87:50798 for
krbtgt/SAMBALIME.STRATUS.COM@SAMBALIME.STRATUS.COM
Kerberos: UNKNOWN --
host/node0-lime.sambalime.stratus.com@SAMBALIME.STRATUS.COM: no such entry
found in hdb
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

------- Comment #1 From Matthias Dieter Wallnöfer 2010-12-04 04:59:21 CST -------
Andrew, do you have an idea?

------- Comment #2 From Andrew Bartlett 2010-12-05 18:15:50 CST -------
Please try again with current GIT. 

We have improved the SPN update code (more still to do however). 

Bug 7810 - cannot disable offline cacheing on profile shares
Bug#: 7810 Product:  Samba 4.0 Version: unspecified Platform: x86
OS/Version: Linux Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: rclauff@cas-online.com QA Contact: samba4-qa@samba.org
Component: File/Printing server Target Milestone: ---
URL: 
Summary: cannot disable offline cacheing on profile shares
Keywords:  
Opened: 2010-11-22 16:56 CST
Description:   Opened: 2010-11-22 16:56 CST
I have all the settings on the MS side of things as well as the considered
settings for disabling of offline cacheing on the profiles share, but I am
still getting messages from event viewer that they're not disabled.  This has
already corrupted a few profiles of XP machine on my networks and I would like
it to be configured appropriatly.  Hopefully this is just something easy that I
have missed.  Here is my testparm -v report.

# Global parameters
[global]
        server role = domain controller
        sid generator = internal
        dos charset = CP850
        unix charset = UTF8
        ncalrpc dir = /usr/local/samba/var/ncalrpc
        display charset = 
        workgroup = CASINC
        realm = CAS-ONLINE.COM
        netbios name = THESUN
        netbios aliases = 
        netbios scope = 
        server string = Samba 4.0.0alpha12-GIT-2caa2a0
        interfaces = 
        bind interfaces only = No
        ntptr providor = simple_ldb
        dcerpc endpoint servers = epmapper, srvsvc, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, winreg, dssetup, unixinfo, browser
        server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
        security = USER
        encrypt passwords = Yes
        null passwords = No
        obey pam restrictions = No
        password server = *
        sam database = sam.ldb
        idmap database = idmap.ldb
        secrets database = secrets.ldb
        spoolss database = spoolss.ldb
        wins config database = wins_config.ldb
        wins database = wins.ldb
        private dir = /usr/local/samba/private
        passwd chat = *new*password* %n\n *new*password* %n\n *changed*
        password level = 0
        lanman auth = No
        ntlm auth = Yes
        client NTLMv2 auth = No
        client lanman auth = No
        client plaintext auth = No
        client use spnego principal = No
        log level = 0
        log file = 
        smb ports = 445, 139
        nbt port = 137
        dgram port = 138
        cldap port = 389
        krb5 port = 88
        kpasswd port = 464
        web port = 901
        tls enabled = Yes
        tls keyfile = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile = tls/ca.pem
        tls crlfile = 
        tls dh params file = 
        swat directory = /usr/local/samba/share/swat
        large readwrite = Yes
        server max protocol = NT1
        server min protocol = CORE
        client max protocol = NT1
        client min protocol = CORE
        unicode = Yes
        read raw = Yes
        write raw = Yes
        disable netbios = No
        nt status support = Yes
        announce version = 4.9
        announce as = NT
        max mux = 50
        max xmit = 12288
        name resolve order = wins, host, bcast
        max wins ttl = 518400
        min wins ttl = 10
        time server = No
        unix extensions = No
        use spnego = Yes
        server signing = auto
        client signing = Yes
        rpc big endian = No
        paranoid server security = Yes
        socket options = TCP_NODELAY
        preferred master = Auto
        local master = Yes
        wins server = 
        wins support = No
        dns proxy = Yes
        wins hook = 
        share backend = classic
        preload = 
        lock dir = /usr/local/samba/var/locks
        modules dir = /usr/local/samba/modules
        pid directory = /usr/local/samba/var/run
        setup directory = /usr/local/samba/share/setup
        socket address = 0.0.0.0
        panic action = 
        host msdfs = No
        winbind separator = \
        winbindd socket directory = /usr/local/samba/var/run/winbindd
        winbindd privileged socket directory =
/usr/local/samba/var/lib/winbindd_privileged
        winbind sealed pipes = Yes
        template shell = /bin/false
        template homedir = /home/%WORKGROUP%/%ACCOUNTNAME%
        idmap trusted only = No
        ntp signd socket directory = /usr/local/samba/var/run/ntp_signd
        rndc command = /usr/sbin/rndc
        dns update command = /usr/local/samba/sbin/samba_dnsupdate
        nsupdate command = /usr/bin/nsupdate -g
        prefork children:smb = 4
        registry:hkey_users = hku.ldb
        registry:hkey_local_machine = hklm.ldb
        auth methods:standalone = anonymous sam_ignoredomain
        auth methods:member server = anonymous sam winbind
        auth methods:domain controller = anonymous sam_ignoredomain
        comment = 
        path = 
        ntvfs handler = unixuid, default
        read only = Yes
        create mask = 0744
        force create mode = 00
        directory mask = 0755
        force directory mode = 00
        hosts allow = 
        hosts deny = 
        max connections = -1
        strict sync = No
        case insensitive filesystem = No
        max print jobs = 1000
        printable = No
        printer name = 
        map system = No
        map hidden = No
        map archive = Yes
        browseable = Yes
        csc policy = manual
        strict locking = Yes
        oplocks = Yes
        copy = 
        include = 
        available = Yes
        volume = 
        fstype = NTFS
        msdfs root = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/cas-online.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[profiles]
        path = /var/samba/profiles
        read only = No
        browseable = No
        csc policy = disable

[intranet]
        path = /var/www
        read only = No
        create mask = 0775
        directory mask = 0775
        browseable = No

[shares]
        path = /var/samba/shares/test
        read only = No
        create mask = 0665

[docs]
        path = /var/samba/docs
        read only = No
        create mask = 0655

[IPC$]
        comment = IPC Service (Samba 4.0.0alpha12-GIT-2caa2a0)
        path = /tmp
        ntvfs handler = default
        browseable = No
        fstype = IPC

[ADMIN$]
        comment = DISK Service (Samba 4.0.0alpha12-GIT-2caa2a0)
        path = /tmp
        browseable = No
        fstype = DISK

------- Comment #1 From Robert Clauff 2010-12-03 14:50:41 CST -------
Whenever I look on the web for a solution I get all sorts of different
possiblities to fix this and most of them refer to MS servers.  I have to think
I have tried most of what I have read, but I really want to here it from the
developers on how to do this correctly so that ALL of my profiles don't end up
getting corrupted and screwing up my whole domain.  

------- Comment #2 From Volker Lendecke 2010-12-03 14:56:20 CST -------
This is about Samba4 as a file server? If it was Samba3, I would have
recommended to try "csc policy = disable". I'm not sure if this also works in
Samba4.

Volker

------- Comment #3 From Robert Clauff 2010-12-03 16:31:29 CST -------
If you look at my testparm you'll see I have "csc policy = disable" in there.

(In reply to comment #2)
> This is about Samba4 as a file server? If it was Samba3, I would have
> recommended to try "csc policy = disable". I'm not sure if this also works in
> Samba4.
> 
> Volker
> 

------- Comment #4 From Volker Lendecke 2010-12-03 16:35:12 CST -------
Apologies. I had only seen the "manual" in [global]. Then I'm lost. 

Bug 7828 - signal 11 in gensec_gssapi_update on opensolaris
Bug#: 7828 Product:  Samba 4.0 Version: unspecified Platform: x86
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: signal 11 in gensec_gssapi_update on opensolaris
Keywords:  
Opened: 2010-11-28 14:26 CST
Description:   Opened: 2010-11-28 14:26 CST
On opensolaris of the buildfarm we have this error:

0xfeee53d5 in __waitid () from /lib/libc.so.1
#0  0xfeee53d5 in __waitid () from /lib/libc.so.1
No symbol table info available.
#1  0xfeed1e8f in waitid () from /lib/libc.so.1
No symbol table info available.
#2  0xfee93e95 in waitpid () from /lib/libc.so.1
No symbol table info available.
#3  0xfeeb4c5c in system () from /lib/libc.so.1
No symbol table info available.
#4  0xfedba97d in smb_panic (
    why=0xfe894e40 "Bad talloc magic value - unknown value")
    at ../../lib/util/fault.c:134
        pidstr = "18449\000\212�X@\004\b�\037\211��h9\b"
        cmdstring =
"/export/home/tridge/build_farm/samba_4_0_test/selftest/gdb_backtrace 18449
/export/home/tridge/build_farm/samba_4_0_test/source4/./bin/samba\000!\211�\000\000\000\000�U���h9\b�h9\b�h9\b\220Q\212�(@\004\b�7\211��h9\b|M\211�(@\004\b\0347\211������h9\b"
        result = 137980152
        __FUNCTION__ = "smb_panic"
#5  0xfe892096 in talloc_abort (
    reason=0xfe894e40 "Bad talloc magic value - unknown value")
    at ../../lib/talloc/talloc.c:213
No locals.
#6  0xfe89215f in talloc_abort_unknown_value ()
    at ../../lib/talloc/talloc.c:234
No locals.
#7  0xfe89227d in talloc_chunk_from_ptr (ptr=0xa9cc758)
    at ../../lib/talloc/talloc.c:253
        pp = 0xa9cc758
"�w�\nh�-\v\230�\v\nॢ\nx�r\n(�r\n(ϱ\nX\025\026\n��\n�\177�\t\030�*\v8��\nP.�\n(�\n�̵\n\220\006�\t�\235�\t8�!\b\030�\"\b(�t\n`\v�\nX\005�\n\200�\232\t(\005�\nhB\210\n\030A\036\v(\230\002\n���\b\b}�\b�\f�\t`\230\025\n�\006�\t�b\025\n�\032\a\v\220\216j\n@\203�\n�ڲ\n�X�\n8o�\n�\232�\n
\223�\n\020|�\tXmv\n���\b��\016\v��\a\v8f\n\v��\017\v�#)\v(0\r\v"...
        tc = (struct talloc_chunk *) 0xa9cc728
#8  0xfe892476 in __talloc (context=0xa9cc758, size=34)
    at ../../lib/talloc/talloc.c:411
        tc = (struct talloc_chunk *) 0x0
#9  0xfe8942be in __talloc_strlendup (t=0xa9cc758, 
    p=0x84aa880 " Miscellaneous failure (see text)�J\bheck9", len=33)
    at ../../lib/talloc/talloc.c:1603
        ret = 0x9aa5f90
"��_\b\210�\206\n�I?\b\030�\\\b�\224�\nx�\032\v
\1770\v�j\204\n��\t8d�\b(\b�\b��\210\t�\006\033\t\0201\033\t8\204�\b�\027\b\210\200\n\v\030��\n�y�\b`�\017\t�&S\b\230�\032\v(\005V\b��\026\n\030��\t8d\034\n�$\017\v8��\nh\205m\b8��\n(f-\b��9\n
\223�\t"
#10 0xfe894351 in talloc_strndup (t=0xa9cc758, 
    p=0x84aa880 " Miscellaneous failure (see text)�J\bheck9", n=33)
    at ../../lib/talloc/talloc.c:1628
No locals.
#11 0xfe476f13 in gssapi_error_string (mem_ctx=0xa9cc758, maj_stat=851968, 
    min_stat=12, mech=0xfed70484) at ../auth/gensec/gensec_gssapi.c:70
        disp_min_stat = 0
        disp_maj_stat = 0
        maj_error_message = {length = 33, value = 0x84aa880}
        min_error_message = {length = 21, value = 0x9316f90}
        maj_error_string = 0xfede55e4 "xZ\003"
        min_error_string = 0x0
        msg_ctx = 0
        ret = 0xfed704fc "\006"
#12 0xfe4784c6 in gensec_gssapi_update (gensec_security=0xb3128f0, 
    out_mem_ctx=0xa9cc758, in={data = 0x0, length = 0}, out=0xa9cc75c)
    at ../auth/gensec/gensec_gssapi.c:597
        gensec_gssapi_state = (struct gensec_gssapi_state *) 0xb981f88
        nt_status = {v = 3221225581}
        maj_stat = 851968
        min_stat = 12
        min_stat2 = 4275831020
        input_token = {length = 0, value = 0x0}
        output_token = {length = 0, value = 0x0}
        gss_oid_p = (gss_OID) 0xfed70484
        __FUNCTION__ = "gensec_gssapi_update"
#13 0xfe4730a9 in gensec_update (gensec_security=0xb3128f0, 
    out_mem_ctx=0xa9cc758, in={data = 0x0, length = 0}, out=0xa9cc75c)
    at ../auth/gensec/gensec.c:977
No locals.
#14 0xfec7ab3b in dcerpc_bind_auth_send (mem_ctx=0xae94740, p=0xb64c2d0, 
    table=0xfec0a340, credentials=0x8078f60, gensec_settings=0xacacd98, 
    auth_type=16 '\020', auth_level=6 '\006', service=0xfebedba2 "ldap")
    at ../librpc/rpc/dcerpc_auth.c:336
        c = (struct composite_context *) 0x9aa5f88
        creq = (struct composite_context *) 0xfecd3989
        state = (struct bind_auth_state *) 0xa9cc758
        sec = (struct dcerpc_security *) 0xb75b3b8
        syntax = {uuid = {time_low = 3813753397, time_mid = 19206, 
    time_hi_and_version = 4561, clock_seq = "�\004", node =
"\000�O���"}, 
  if_version = 4}
        transfer_syntax = {uuid = {time_low = 2324192516, time_mid = 7403, 
    time_hi_and_version = 4553, clock_seq = "\237�", node = "\b\000+\020H`"}, 
  if_version = 2}
        __FUNCTION__ = "dcerpc_bind_auth_send"
#15 0xfec7cb2f in dcerpc_pipe_auth_send (p=0xb64c2d0, binding=0x9f5d240, 
    table=0xfec0a340, credentials=0x8078f60, lp_ctx=0x8071318)
    at ../librpc/rpc/dcerpc_util.c:630
        c = (struct composite_context *) 0xae94740
        s = (struct pipe_auth_state *) 0xb340e60
        auth_schannel_req = (struct composite_context *) 0xfe8925fd
        auth_req = (struct composite_context *) 0xb2d6bf8
        auth_none_req = (struct composite_context *) 0xfe892710
        conn = (struct dcerpc_connection *) 0xb75b3a8
        auth_type = 16 '\020'
#16 0xfec81a85 in continue_pipe_connect (c=0xa6f5038, s=0xb1a80d8)
    at ../librpc/rpc/dcerpc_connect.c:686
        auth_bind_req = (struct composite_context *) 0x1
#17 0xfec818ec in continue_pipe_connect_ncacn_ip_tcp (ctx=0xb2d6bf8)
    at ../librpc/rpc/dcerpc_connect.c:634
        c = (struct composite_context *) 0xa6f5038
        s = (struct pipe_connect_state *) 0xb1a80d8
#18 0xfe808f94 in composite_done (ctx=0xb2d6bf8)
    at ../libcli/composite/composite.c:143
No locals.
#19 0xfec80f13 in continue_pipe_open_ncacn_ip_tcp (ctx=0xb7b4510)
    at ../librpc/rpc/dcerpc_connect.c:298
        c = (struct composite_context *) 0xb2d6bf8
#20 0xfe808f94 in composite_done (ctx=0xb7b4510)
    at ../libcli/composite/composite.c:143
No locals.
#21 0xfec800ce in continue_ipv4_open_socket (ctx=0x9aa5f88)
    at ../librpc/rpc/dcerpc_sock.c:459
        c = (struct composite_context *) 0xb7b4510
        s = (struct pipe_tcp_state *) 0x9a309d8
        __FUNCTION__ = "continue_ipv4_open_socket"
#22 0xfe808f94 in composite_done (ctx=0x9aa5f88)
    at ../libcli/composite/composite.c:143
No locals.
#23 0xfec7fc32 in continue_socket_connect (ctx=0x819e8b0)
    at ../librpc/rpc/dcerpc_sock.c:303
        conn = (struct dcerpc_connection *) 0xb75b3a8
        sock = (struct sock_private *) 0xb0bca90
        c = (struct composite_context *) 0x9aa5f88
        s = (struct pipe_open_socket_state *) 0xae94740
        __FUNCTION__ = "continue_socket_connect"
#24 0xfe808f94 in composite_done (ctx=0x819e8b0)
    at ../libcli/composite/composite.c:143
No locals.
#25 0xfe807f8e in socket_connect_handler (ev=0x80788d0, fde=0xa001530, 
    flags=2, private_data=0x819e8b0) at ../lib/socket/connect.c:131
        result = (struct composite_context *) 0x819e8b0
        state = (struct connect_state *) 0x83e8ce0
#26 0xfeaa6837 in std_event_loop_select (std_ev=0x8078948, tvalp=0x80446d0)
    at ../../lib/tevent/tevent_standard.c:509
        flags = 2
        r_fds = {fds_bits = {1073741824, 0, 524288, 0 <repeats 29 times>}}
        w_fds = {fds_bits = {0, 0, 2048, 0 <repeats 29 times>}}
        fde = (struct tevent_fd *) 0xa001530
        selrtn = 3
#27 0xfeaa6918 in std_event_loop_once (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent_standard.c:548
        std_ev = (struct std_event_context *) 0x8078948
        tval = {tv_sec = 1, tv_usec = 857982}
#28 0xfeaa383d in _tevent_loop_once (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:493
        ret = 0
        nesting_stack_ptr = (void *) 0x0
#29 0xfeaa3a1c in tevent_common_loop_wait (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:594
        ret = 0
#30 0xfeaa3a9a in _tevent_loop_wait (ev=0x80788d0, 
    location=0x805ee43 "../smbd/server.c:480")
    at ../../lib/tevent/tevent.c:613
No locals.
#31 0x0805af9a in binary_smbd_main (binary_name=0x805e8a7 "samba", argc=6, 
    argv=0x8044964) at ../smbd/server.c:480
        opt_daemon = false
        opt_interactive = true
        opt = -1
        pc = (poptContext) 0x8070108
        static_init = {0xfedf66b8 <server_service_auth_init>, 0}
        shared_init = (init_module_fn *) 0x8077f18
        event_ctx = (struct tevent_context *) 0x80788d0
        stdin_event_flags = 1
        status = {v = 0}
        model = 0x8070cf8 "single"
        max_runtime = 18000
        long_options = {{longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0xfdad67f0, val = 0, descrip = 0x805ea29 "Help options:", 
    argDescrip = 0x0}, {longName = 0x805ea37 "daemon", shortName = 68 'D', 
    argInfo = 0, arg = 0x0, val = 1000, 
    descrip = 0x805ea3e "Become a daemon (default)", argDescrip = 0x0}, {
    longName = 0x805ea58 "interactive", shortName = 105 'i', argInfo = 0, 
    arg = 0x0, val = 1001, 
    descrip = 0x805ea64 "Run interactive (not a daemon)", argDescrip = 0x0}, {
    longName = 0x805ea83 "model", shortName = 77 'M', argInfo = 1, arg = 0x0, 
    val = 1002, descrip = 0x805ea89 "Select process model", 
    argDescrip = 0x805ea9e "MODEL"}, {longName = 0x805eaa4 "maximum-runtime", 
    shortName = 0 '\0', argInfo = 2, arg = 0x80448c0, val = 0, 
    descrip = 0x805eab4 "set maximum runtime of the server process, till
autotermination", argDescrip = 0x805eaf4 "seconds"}, {
    longName = 0x805eafc "show-build", shortName = 98 'b', argInfo = 0, 
    arg = 0x0, val = 1003, descrip = 0x805eb07 "show build info", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0x806fea0, val = 0, descrip = 0x805eb17 "Common samba options:", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 4, 
    arg = 0x806ffa0, val = 0, descrip = 0x805eb17 "Common samba options:", 
    argDescrip = 0x0}, {longName = 0x0, shortName = 0 '\0', argInfo = 0, 
    arg = 0x0, val = 0, descrip = 0x0, argDescrip = 0x0}}
        __FUNCTION__ = "binary_smbd_main"
#32 0x0805b00b in main (argc=6, argv=0x8044964) at ../smbd/server.c:491
No locals.
No symbol table info available.
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y;
input not from terminal]
smb_panic(): action returned status 0
PANIC: Bad talloc magic value - unknown value
BACKTRACE: 31 stack frames:
 #0
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'call_backtrace+0x27
[0xfedba7a2]
 #1
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'smb_panic+0x1f1
[0xfedbaa65]
 #2
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_abort+0x44
[0xfe892096]
 #3
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_abort_unknown_value+0x22
[0xfe89215f]
 #4
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_chunk_from_ptr+0x9a
[0xfe89227d]
 #5
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'__talloc+0x56
[0xfe892476]
 #6
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'__talloc_strlendup+0x23
[0xfe8942be]
 #7
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc.so'talloc_strndup+0x42
[0xfe894351]
 #8
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gssapi_error_string+0x8b
[0xfe476f13]
 #9
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gensec_gssapi_update+0x737
[0xfe4784c6]
 #10
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/auth/gensec/libgensec.so'gensec_update+0x27
[0xfe4730a9]
 #11
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_bind_auth_send+0x58c
[0xfec7ab3b]
 #12
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_pipe_auth_send+0x379
[0xfec7cb2f]
 #13
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_connect+0x81
[0xfec81a85]
 #14
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_connect_ncacn_ip_tcp+0x80
[0xfec818ec]
 #15
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83
[0xfe808f94]
 #16
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_pipe_open_ncacn_ip_tcp+0x62
[0xfec80f13]
 #17
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83
[0xfe808f94]
 #18
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_ipv4_open_socket+0xe3
[0xfec800ce]
 #19
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83
[0xfe808f94]
 #20
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'continue_socket_connect+0x2f4
[0xfec7fc32]
 #21
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'composite_done+0x83
[0xfe808f94]
 #22
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets.so'socket_connect_handler+0x89
[0xfe807f8e]
 #23
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'std_event_loop_select+0x2f2
[0xfeaa6837]
 #24
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'std_event_loop_once+0xb3
[0xfeaa6918]
 #25
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'_tevent_loop_once+0xb7
[0xfeaa383d]
 #26
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'tevent_common_loop_wait+0x47
[0xfeaa3a1c]
 #27
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent.so'_tevent_loop_wait+0x19
[0xfeaa3a9a]
 #28
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'binary_smbd_main+0x9e3
[0x805af9a]
 #29
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'main+0x3e
[0x805b00b]
 #30
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'_start+0x83
[0x8055627]
./bin/samba got signal 6 and exits with 0!

All information here:

http://build.samba.org/build.cgi?function=View+Build;checksum=9ded86b6cf08910abdb821afc54516d2855e3995;host=opensolaris;revision=4cf85a719350942960d131adfd120eb649c5c861;tree=samba_4_0_test;compiler=gcc

------- Comment #1 From Matthias Dieter Wallnöfer 2010-12-07 03:57:02 CST -------
ekacnet, the last two builds don't suffer from this issue. So do you think it's
worth to keep this open? Do you have any suspicion?

Otherwise I propose to close this until it happens agains.

------- Comment #2 From Matthieu Patou 2010-12-07 06:25:16 CST -------
This segfault is comming quite regulary, not facing it didn't mean that the
real problem is fixed.

One solution would be to run the server in valgrind on opensolaris to see what
valgrind says!

Keep it open.

------- Comment #3 From Matthias Dieter Wallnöfer 2010-12-07 06:34:47 CST -------
Well, there are two issues:

1.) "valgrind" isn't available on (Open)Solaris
2.) do you know the exact test where it fails?

Otherwise I could try to detect the issue since I've now installed an
OpenIndiana VM.

Bug 7845 - RPC-COUNTCALLS test suite checks wrong pipe for [MS-EFSR]
Bug#: 7845 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: Windows 2003 Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-COUNTCALLS test suite checks wrong pipe for [MS-EFSR]
Keywords:  
Opened: 2010-12-06 14:42 CST
Description:   Opened: 2010-12-06 14:42 CST
The RPC-COUNTCALLS test suite tries to connect to \pipe\efs.

Windows doesn't listen on that pipe, nor its it mentioned in WSPP or MCPP
documentation. 

However, [MS-EFSR] states that the server should listen on \pipe\efsrpc, so I
assume that it was meant to test \pipe\efs. 

Unless it was meant to test server response to a nonexistant pipe (like the
test of \pipe\ICoffeeMachine), this test should be fixed to connect to
\pipe\efsrpc instead of \pipe\efs.

Bug 7846 - RPC-OBJECTUUID test suite must use only named pipe transport when targeting Windows
Bug#: 7846 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: Windows 2008 R2 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-OBJECTUUID test suite must use only named pipe transport when targeting Windows
Keywords:  
Opened: 2010-12-06 17:05 CST
Description:   Opened: 2010-12-06 17:05 CST
The RPC-OBJECTUUID test suite must only use the named pipe transport when
targeting Windows.

Currently it tests using both the named pipe and tcp transports.

The definition of the protocols covered by these test suites, [MS-LSAD] and
[MS-LSAT], state that these protocols are to be used on a named pipe
transport(specifically [\pipe\lsarpc]).

Smbtorture runs this suite twice, providing both the ncacn_ip_tcp and ncacn_np
endpoints to tests both the tcp and named pipe transports. 

The test may use the protocols over the tcp transport when targeting a Samba
server(or other supporting server), in which case, using the tcp transport
would be a Samba extension of [MS-LSAD]/[MS-LSAT].

However it must not use the tcp transport when targeting a Windows server, as
Windows does not support such an extension of [MS-LSAD]/[MS-LSAT].

When targeting Windows, this test suite must only use the named pipe transport,
[\pipe\lsarpc].

------- Comment #1 From Matt Ficken 2010-12-07 11:51:55 CST -------
The test suite passes against Windows 2003r2 and 2008r2 when this bug is fixed.
Otherwise it fails.

(In reply to comment #0)
> The RPC-OBJECTUUID test suite must only use the named pipe transport when
> targeting Windows.
> Currently it tests using both the named pipe and tcp transports.
> The definition of the protocols covered by these test suites, [MS-LSAD] and
> [MS-LSAT], state that these protocols are to be used on a named pipe
> transport(specifically [\pipe\lsarpc]).
> Smbtorture runs this suite twice, providing both the ncacn_ip_tcp and ncacn_np
> endpoints to tests both the tcp and named pipe transports. 
> The test may use the protocols over the tcp transport when targeting a Samba
> server(or other supporting server), in which case, using the tcp transport
> would be a Samba extension of [MS-LSAD]/[MS-LSAT].
> However it must not use the tcp transport when targeting a Windows server, as
> Windows does not support such an extension of [MS-LSAD]/[MS-LSAT].
> When targeting Windows, this test suite must only use the named pipe transport,
> [\pipe\lsarpc].

------- Comment #2 From Matt Ficken 2010-12-08 17:54:37 CST -------
Sorry, I forgot a detail behind the transport requirement for
[MS-LSAD]/[MS-LSAT] (see [MS-LSAT] 2.1):

Certain functions may only be used over a named pipe, and certain functions may
only be used over tcp (other functions may be used over either).

Functions Requiring Named Pipe:
LsarOpenPolicy2, LsarOpenPolicy, LsarClose, LsarGetUsername, LsarLookupNames,
LsarLookupNames2, LsarLookupNames3, LsarLookupSids and LsarLookupSids2

Functions Requiring TCP:
LsarLookupNames4 and LsarLookupSids3

Other functions may be used on either transport.

RPC-OBJECTUUID calls LsarClose, therefore must use the named pipe transport.

------- Comment #3 From Andrew Bartlett 2010-12-08 18:22:54 CST -------
I think you may be misunderstanding our testing process and methodology. 

I'm still unsure what you are running to come to these conclusions, as all the
smbtorture commands take a user-specified binding string.  Perhaps you are
running it as part of some modified test script?

Furthermore, the tests represent the operations that passed against Windows at
the time they were written.  They provide us with some assurance of conformance
to that version of Windows.  They are not a test of the WSPP documentation.

Can you at the very least include the full command line you are running in
future reports, so we can be clear about what you are doing.

But what I would really like is for you to join #samba-technical in
irc.freenode.net or the samba-technical@samba.org mailing list, and work with
us there to understand what you hope to achieve, so we can help you with that. 

Thanks,

Bug 7847 - RPC-COUNTCALLS should be moved into a separate group of 'investigational' test suites
Bug#: 7847 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: Windows 2008 R2 Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-COUNTCALLS should be moved into a separate group of 'investigational' test suites
Keywords:  
Opened: 2010-12-06 17:05 CST
Description:   Opened: 2010-12-06 17:05 CST
I think the RPC-COUNTCALLS test suite should be removed from the normal list of
smbtorture tests (defined in 'tests' file) and added to a new set of
'investigational' tests, so that RPC-COUNTCALLS is not normally run as part of
smbtorture (for buildfarm, regression testing, etc...)

Other test suites test particular functions of a Windows or Samba server. Its
clear if they fail or not and that pass or fail has a useful purpose (indicates
something is broken or not).

RPC-COUNTCALLS makes a call request for all opnums 0-500 for all rpc interfaces
that are registered with Samba, and then reading the error code that the server
returns. Its hard to define a meaningful 'pass' or 'failure' condition.

Consequently, its hard to make sure that a Samba or Windows release will pass
this suite. And its hard to see how this is useful for normal testing, so its
hard to see the value in spending time making sure Windows and Samba pass and
especially continue to pass this suite.

It is clear how this suite is useful for investigating a server and its
functions. It looks like thats what RPC-COUNTCALLS was originally built for,
afterall, many of the pipes it tries to connect to are named from DCOM
interfaces(ex: \pipe\IDispatch), so it may also have been a way to investigate
DCOM in addition to investigating RPC. 

Either way, its a good investigational tool, but I don't think is appropriate
for regular testing of Samba or Windows. 

Moving it out of the regular set of 'tests' run and into an 'investigational'
set, will save developer time.

Bug 7848 - Change Samba 3.6 and 4 security defaults (spnego hint)
Bug#: 7848 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: ngoldber@mitre.org QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL:  http://lists.samba.org/archive/samba-technical/2010-December/075032.html
Summary: Change Samba 3.6 and 4 security defaults (spnego hint)
Keywords:  
Opened: 2010-12-06 19:45 CST
Description:   Opened: 2010-12-06 19:45 CST
The following bugzilla entry documents a patch I submitted to the samba
technical list, which Andrew took and made better. 
Quoting Andrew from the thread, as he summarized better than myself:
"I would like to improve Samba's security and conformance to match
Windows 2008, by:
 - removing the server-sent SPNEGO principal from the server-side
reply, 
 - not honouring it in the client 
 - using NTLMv2 by default in our client.

This should match the behaviour of Windows 2008 and Vista for avoiding
man-in-the-middle attacks relying on swapping of the target principal,
and in NTLMv2 change it slowly moves us on from the very poor
cryptography of the NTLM era.

This will change behaviour - some broken configurations were windows
does not use Kerberos will now also fall back to NTLMSSP, but as Neil
reported in his original mail, it will also fix real world
inconsistencies.  

In terms of unexpected interoperability issues, all these code paths
should already have been explored with Windows 2008 and Vista clients
and servers.  Likewise, all these options can be turned back on with
smb.conf and command line options (see the --option option) if required
on a particular connection. 
"

Patches are available as attachments to the linked URL.

Bug 7849 - RPC-HANDLES test suite uses wrong transport
Bug#: 7849 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: Windows NT Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-HANDLES test suite uses wrong transport
Keywords:  
Opened: 2010-12-07 11:56 CST
Description:   Opened: 2010-12-07 11:56 CST
The RPC-HANDLES test suite uses the TCP transport but must use the named pipe
transport instead.

The test suite tests [MS-LSAD]/[MS-LSAT], and even though they aren't the focus
of this test suite, the suite fails because they require that only the named
pipe transport be used.

When targeting Windows, this test suite must only use the named pipe transport,
[\pipe\lsarpc].

------- Comment #1 From Andrew Bartlett 2010-12-07 20:50:28 CST -------
As far as I can tell, the RPC-HANDLES test runs against whatever target you
give it on the command line. 

Even so, there certainly have been LSA calls that are available on TCP/IP,
depending on the Windows version. 

How are you invoking the test?  What versions on Windows are you using?

------- Comment #2 From Matt Ficken 2010-12-08 18:53:40 CST -------
Andrew, you're right some LSA functions work on the TCP transport.

Sorry, I forgot a detail behind the transport requirement for
[MS-LSAD]/[MS-LSAT] (see [MS-LSAT] 2.1):

Certain functions may only be used over a named pipe, and certain functions may
only be used over tcp (other functions may be used over either).

Functions Requiring Named Pipe:
LsarOpenPolicy2, LsarOpenPolicy, LsarClose, LsarGetUsername, LsarLookupNames,
LsarLookupNames2, LsarLookupNames3, LsarLookupSids and LsarLookupSids2

Functions Requiring TCP:
LsarLookupNames4 and LsarLookupSids3

Other functions may be used on either transport.

RPC-HANDLES calls LsarOpenPolicy, so it has to use the named pipe transport.

I think only the RAW-* and SMB2-* suites check the --target value, but checking
it in RPC-HANDLES (and RPC-OBJECTUUID) would enable/disable any Windows or
Samba specific behavior or extension.

When the target value is w2k3, w2k8, winxp, or win7, the test should only use
the named pipe transport to be compatible with Windows and [MS-LSAD]/[MS-LSAT]
(which in this area, seem written more to comply with existing Windows quirks
than well designed behavior).


I have filed a bug report with the team that writes [MS-LSAD] and [MS-LSAT] so
that the named pipe and tcp transport requirement in [MS-LSAT] 2.1 is at least
copied to [MS-LSAD] 2.1, so it will be more noticeable.


(I am running smbtorture tests listed in the 'tests' file that ships with
Samba, as closely to how the buildfarm runs them. I am using the same samba
configuration file, I've just changed the realm/domain name. I am testing
primarly Windows 2003r2, 2008r2, and 7, from Ubuntu 9.1, on x64 hardware)

Bug 7852 - RPC-COUNTCALLS should check the RPC fault code DCERPC_NCA_S_OP_RNG_ERROR
Bug#: 7852 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: Windows 2008 R2 Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-COUNTCALLS should check the RPC fault code DCERPC_NCA_S_OP_RNG_ERROR
Keywords:  
Opened: 2010-12-07 17:00 CST
Description:   Opened: 2010-12-07 17:00 CST
This suite investigates the functions available for all or for a given RPC
interface by making call requests for all opnums 0 to 500 and checking the
fault code or status code.

When the opnum is out of range, Windows returns DCERPC_NCA_S_OP_RNG_ERROR as
the RPC fault code (in the Response PDU/pkt), which is converted to the status
code NT_STATUS_NET_WRITE_FAULT, which is not one of the status codes that the
test considers 'passing'.

It looks like almost all fault codes cause Samba to produce
NT_STATUS_NET_WRITE_FAULT.


This test, in addition to checking the status code as it does now, should (1)
also check the underlying fault code, as that will help investigation and then
(2) should check for the fault code DCERPC_NCA_S_OP_RNG_ERROR and consider that
as 'passing' the test for that RPC interface.


DCERPC_NCA_S_OP_RNG_ERROR is, according to my understanding of [DCE/RPC 1.1],
the correct code for an RPC server to return in this case.


If this bug is fixed, along with #7851 and #7845, this suite will pass against
Windows(any version).

Bug 7853 - RPC-SRVSVC tests functions that Windows does not support over the wire
Bug#: 7853 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Windows NT Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: v-mafick@microsoft.com QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: RPC-SRVSVC tests functions that Windows does not support over the wire
Keywords:  
Opened: 2010-12-07 19:12 CST
Description:   Opened: 2010-12-07 19:12 CST
Samba defines 8 functions from the MS-SRVS protocol that [MS-SRVS] states are
not to be used on the wire. Specifically, they are: 
NDR_SRVSVC_NETCHARDEVENUM (0x00)
NDR_SRVSVC_NETCHARDEVGETINFO (0x01)
NDR_SRVSVC_NETCHARDEVCONTROL (0x02)
NDR_SRVSVC_NETCHARDEVQENUM (0x03)
NDR_SRVSVC_NETCHARDEVQGETINFO (0x04)
NDR_SRVSVC_NETCHARDEVQSETINFO (0x05)
NDR_SRVSVC_NETCHARDEVQPURGE (0x06)
NDR_SRVSVC_NETCHARDEVQPURGESELF (0x07)
NDR_SRVSVC_NETCONNENUM (0x08)

The IDL in Appendix A in [MS-SRVS] states that opnums 0-8(inclusive) are not
used on wire, that is, Windows will return NT_STATUS_INVALID_PARAMETER or other
error code if they are used.

Samba implements and the RPC-SRVSVC suite tests these functions anyway.

Roughly, [MS-SRVS] provides an RPC based replacement for [MS-RAP], and [MS-RAP]
doesn't have functions for remotely working with Character Devices
(NetCharDevEnum, etc...).

Samba(at least Samba4.0.0alpha12-GIT-72cd5bc) doesn't implement these functions
and instead returns WERR_NOT_SUPPORTED. So Samba should fail this suite too.

Further, its hard to see what use NetCharDevEnum, etc... would have over a
network, other than being a security hole. 

Therefore, I believe the WSPP documentation ([MS-SRVS]) is correct in this
case.


If Samba wants to extend [MS-SRVS] by implementing and using these functions
when targeting another Samba host, thats certainly ok.

However, Windows doesn't support that extension of [MS-SRVS].

Samba, as in the RPC-SRVSVC test suite, or smbd, or smbclient, must not use
opnums 0-8 on the srvsvc interface when targeting a Windows host.

Bug 7859 - double free in case of composite call in error/timeout
Bug#: 7859 Product:  Samba 4.0 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: mat+Informatique.Samba@matws.net QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: double free in case of composite call in error/timeout
Keywords:  
Opened: 2010-12-10 04:12 CST
Description:   Opened: 2010-12-10 04:12 CST
On a couple of non x86/x64 machines we have double free in case of timeout or
error in a composite call.

For instance on opensolaris:

gdb_backtrace: Trying to use /opt/sunstudio12.1/bin/dbx on
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba
on PID 29904
dbx: warning: extraneous argument "29904"
dbx: Cannot open "where;dump;kill;quit" -- No such file or directory
Warning: Low number of available file descriptors (250).  If the
program has too many threads, you might need to set the
mt_scalable option, or increase the hard limit on the number of
file descriptors.  See `help dbxenv' under mt_scalable.
For information about new features see `help changes'
To remove this message, put `dbxenv suppress_startup_message 7.7' in your
.dbxrc

smb_panic(): action returned status 0
PANIC: Bad talloc magic value - double free
BACKTRACE: 21 stack frames:
 #0
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'call_backtrace+0x27
[0xfedba7c6]
 #1
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/util/libsamba-util.so'smb_panic+0x1f1
[0xfedbaa89]
 #2
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'talloc_abort+0x44
[0xfe8920a2]
 #3
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'talloc_abort_double_free+0x22
[0xfe892141]
 #4
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'talloc_chunk_from_ptr+0x8c
[0xfe89227b]
 #5
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'_talloc_steal_internal+0x168
[0xfe892962]
 #6
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'_talloc_free_internal+0x2f2
[0xfe89309e]
samba: EOF on stdin - terminating
./bin/samba exited with no error
samba: EOF on stdin - terminating
 #7
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/talloc/libtalloc-samba4.so'_talloc_free+0xda
[0xfe8937f6]
 #8
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_pipe_connect_b_recv+0x7f
[0xfec839df]
 #9
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/winbind/libservice-winbind.so'init_domain_recv_netlogonpipe+0x50
[0xfce6de66]
 #10
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/libsamba-sockets-samba4.so'composite_error+0xa2
[0xfe7f8ec0]
 #11
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/librpc/libdcerpc.so'dcerpc_connect_timeout_handler+0x40
[0xfec836f0]
 #12
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'tevent_common_loop_timer_delay+0x18e
[0xfeaa70a7]
 #13
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'std_event_loop_select+0x204
[0xfeaa6775]
 #14
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'std_event_loop_once+0xb3
[0xfeaa6944]
 #15
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'_tevent_loop_once+0xb7
[0xfeaa3869]
 #16
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'tevent_common_loop_wait+0x47
[0xfeaa3a48]
 #17
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/lib/tevent/libtevent-samba4.so'_tevent_loop_wait+0x19
[0xfeaa3ac6]
 #18
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'binary_smbd_main+0x9e3
[0x805affe]
 #19
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'main+0x3e
[0x805b06f]
 #20
/export/home/tridge/build_farm/samba_4_0_test/source4/bin/default/source4/smbd/samba'_start+0x83
[0x8055693]


this can happen also in "clients" like smbtorture like on builder72 (freebsd
7.2):

#4  0x0000000803a9316f in talloc_abort (reason=0x803a96b30 "Bad talloc magic
value - double free") at ../../lib/talloc/talloc.c:213
#5  0x0000000803a93200 in talloc_abort_double_free () at
../../lib/talloc/talloc.c:229
#6  0x0000000803a93336 in talloc_chunk_from_ptr (ptr=0x807045820) at
../../lib/talloc/talloc.c:250
#7  0x0000000803a94995 in talloc_get_name (ptr=0x807045820) at
../../lib/talloc/talloc.c:975
#8  0x0000000803a94a33 in talloc_check_name (ptr=0x807045820, name=0x802c8fbc0
"struct composite_context") at ../../lib/talloc/talloc.c:994
#9  0x0000000802c25120 in continue_smb_connect (ctx=0x8070458b0) at
../librpc/rpc/dcerpc_connect.c:68
#10 0x00000008032ffe7f in composite_error (ctx=0x8070458b0, status={v =
3221225787}) at ../libcli/composite/composite.c:114
#11 0x00000008032fff09 in composite_is_ok (ctx=0x8070458b0) at
../libcli/composite/composite.c:132
#12 0x0000000802c56124 in state_handler (c=0x8070458b0) at
../libcli/smb_composite/connect.c:398
#13 0x0000000802c56160 in request_handler (req=0x806f323b0) at
../libcli/smb_composite/connect.c:410
#14 0x0000000802c64784 in smbcli_transport_dead (transport=0x807002580,
status={v = 3221225787}) at ../libcli/raw/clitransport.c:151
#15 0x0000000802c6428f in transport_destructor (transport=0x807002580) at
../libcli/raw/clitransport.c:56
#16 0x0000000803a94275 in _talloc_free_internal (ptr=0x807002580,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:621
#17 0x0000000803a94458 in _talloc_free_internal (ptr=0x80702c830,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:652
#18 0x0000000803a94458 in _talloc_free_internal (ptr=0x8070458b0,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:652
#19 0x0000000803a94458 in _talloc_free_internal (ptr=0x806fbf350,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:652
#20 0x0000000803a94458 in _talloc_free_internal (ptr=0x80702c5b0,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:652
#21 0x0000000803a94458 in _talloc_free_internal (ptr=0x807045790,
location=0x802c8ffa0 "../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:652
#22 0x0000000803a94fc4 in _talloc_free (ptr=0x807045790, location=0x802c8ffa0
"../librpc/rpc/dcerpc_connect.c:810")
    at ../../lib/talloc/talloc.c:1171
#23 0x0000000802c267d1 in dcerpc_pipe_connect_b_recv (c=0x807045790,
mem_ctx=0x807029a60, p=0x7fffffffa790) at ../librpc/rpc/dcerpc_connect.c:810
#24 0x0000000802c26835 in dcerpc_pipe_connect_b (parent_ctx=0x807029a60,
pp=0x7fffffffa790, binding=0x80702c0b0, table=0x8042ed5a0,
    credentials=0x806f32070, ev=0x806f14590, lp_ctx=0x806f0a850) at
../librpc/rpc/dcerpc_connect.c:831
#25 0x000000000068d87a in torture_rpc_connection (tctx=0x807029a60,
p=0x7fffffffa790, table=0x8042ed5a0) at ../torture/rpc/rpc.c:84
#26 0x000000000068f22d in test_handles_lsa (torture=0x807029a60) at
../torture/rpc/handles.c:52
#27 0x0000000802867bba in wrap_simple_test (torture_ctx=0x807029a60,
tcase=0x806f847f0, test=0x806f8a240) at ../../lib/torture/torture.c:628
#28 0x0000000802867341 in internal_torture_run_test (context=0x807029a60,
tcase=0x806f847f0, test=0x806f8a240, already_setup=true, restricted=0x0)
    at ../../lib/torture/torture.c:439
#29 0x0000000802867588 in torture_run_tcase_restricted (context=0x807029a60,
tcase=0x806f847f0, restricted=0x0) at ../../lib/torture/torture.c:502
#30 0x0000000802866f6b in torture_run_suite_restricted (context=0x807029a60,
suite=0x806f86dd0, restricted=0x0) at ../../lib/torture/torture.c:354
#31 0x0000000802866ed2 in torture_run_suite (context=0x807029a60,
suite=0x806f86dd0) at ../../lib/torture/torture.c:336
#32 0x0000000000532730 in run_matching (torture=0x807029a60, prefix=0x80703adb0
"RPC", expr=0x7fffffffb9e2 "RPC-HANDLES", restricted=0x0,
    suite=0x806f78250, matched=0x7fffffffaade) at ../torture/smbtorture.c:64
#33 0x000000000053276d in run_matching (torture=0x807029a60, prefix=0x0,
expr=0x7fffffffb9e2 "RPC-HANDLES", restricted=0x0, suite=0x806f2d350,

------- Comment #1 From Matthias Dieter Wallnöfer 2011-01-18 14:52:10 CST -------
Metze has interest in fixing this.

------- Comment #2 From Stefan (metze) Metzmacher 2011-01-19 00:47:25 CST -------
I'll do the real fix, but that will take a few month.

So I'm fine if someone adds a short term hack.

Bug 7868 - MacOS: Fails quicktest
Bug#: 7868 Product:  Samba 4.0 Version: unspecified Platform: x64
OS/Version: Mac OS X Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: william.e.brown@adelaide.edu.au QA Contact: samba4-qa@samba.org
Component: smbtorture Target Milestone: ---
URL: 
Summary: MacOS: Fails quicktest
Keywords:  
Opened: 2010-12-14 22:47 CST
Description:   Opened: 2010-12-14 22:47 CST
When running make quicktest, segmentation faults occur.

git ref 12e49a748c26697fb6f697512babb949a6c2931f

i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5664)

Using ./configure.developer --prefix=/opt/samba4


[williambrown@Mai ~/development/samba-master/source4]$ make quicktest
WAF_MAKE=1 ../buildtools/bin/waf test --quick 
'test' finished successfully (0.000s)
Waf: Entering directory
`/Users/williambrown/development/samba-master/source4/bin'
Checking project rules ...
Project rules pass
[   8/2288] Generating VERSION
Waf: Leaving directory
`/Users/williambrown/development/samba-master/source4/bin'
'build' finished successfully (6.737s)
test: running (/usr/bin/perl
/Users/williambrown/development/samba-master/source4/../selftest/selftest.pl
--prefix=./st --builddir=. --srcdir=. --exclude=./selftest/skip
--testlist="/usr/bin/python ./selftest/tests.py|"  --exclude=./selftest/slow
--quick --include=./selftest/quick --socket-wrapper  && touch ./st/st_done) |
/usr/bin/python -u ../selftest/filter-subunit
--expected-failures=./selftest/knownfail | tee ./st/subunit | /usr/bin/python
-u ../selftest/format-subunit --prefix=./st --immediate
SOCKET_WRAPPER_DIR=/Users/williambrown/development/samba-master/source4/st/w
Version 4.0.0alpha14-GIT-12e49a7
OPTIONS --configfile=$SMB_CONF_PATH --maximum-runtime=$SELFTEST_MAXTIME
--target=$SELFTEST_TARGET --basedir=$SELFTEST_TMPDIR
--option=torture:progress=no --format=subunit --option=torture:quick=yes
WARNING: allowing empty subunit output from ldb.base
WARNING: allowing empty subunit output from
samba4.urgent_replication.python(dc)
WARNING: allowing empty subunit output from samba4.blackbox.samba3dump
WARNING: allowing empty subunit output from samba4.blackbox.upgrade
sh: line 1: 36411 Segmentation fault      ./bin/../scripting/bin/testparm
--configfile=/Users/williambrown/development/samba-master/source4/st/dc/etc/smb.conf
-v --suppress-prompt > /dev/null 2>&1
sh: line 1: 36414 Segmentation fault      ./bin/../scripting/bin/testparm -v
--suppress-prompt
--configfile=/Users/williambrown/development/samba-master/source4/st/dc/etc/smb.conf
1>&2
Failed to create a valid smb.conf configuration
./bin/../scripting/bin/testparm! at
/Users/williambrown/development/samba-master/selftest/target/Samba4.pm line
703.
PROVISIONING DC...testsuite: samba4.rpc.schannel on ncalrpc with
seal,padcheck(dc:local)
no output for name[samba4.rpc.schannel on ncalrpc with seal,padcheck(dc:local)]
ERROR: Testsuite[samba4.rpc.schannel on ncalrpc with seal,padcheck(dc:local)]
REASON: unable to set up environment dc:local - exiting

Here is the contents of /st/summary

= Failed tests =
== samba4.rpc.schannel on ncalrpc with seal,padcheck(dc:local) ==
== samba4.rpc.join on ncalrpc with seal,padcheck(dc:local) ==
== samba4.rpc.altercontext on ncalrpc with seal,padcheck(dc:local) ==
== samba4.rpc.netlogon on ncalrpc with seal,padcheck(dc:local) ==
== samba4.rpc.schannel2 on ncalrpc with seal,padcheck(dc:local) ==
== samba4.rpc.schannel on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.join on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.altercontext on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.netlogon on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.handles on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.schannel2 on ncacn_np with seal,padcheck(dc) ==
== samba4.rpc.schannel on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.join on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.altercontext on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.netlogon on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.handles on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.schannel2 on ncacn_ip_tcp with seal,padcheck(dc) ==
== samba4.rpc.schannel on ncalrpc with validate(dc:local) ==
== samba4.rpc.join on ncalrpc with validate(dc:local) ==
== samba4.rpc.altercontext on ncalrpc with validate(dc:local) ==
== samba4.rpc.netlogon on ncalrpc with validate(dc:local) ==
== samba4.rpc.schannel2 on ncalrpc with validate(dc:local) ==
== samba4.rpc.schannel on ncacn_np with validate(dc) ==
== samba4.rpc.join on ncacn_np with validate(dc) ==
== samba4.rpc.altercontext on ncacn_np with validate(dc) ==
== samba4.rpc.netlogon on ncacn_np with validate(dc) ==
== samba4.rpc.handles on ncacn_np with validate(dc) ==
== samba4.rpc.schannel2 on ncacn_np with validate(dc) ==
== samba4.rpc.schannel on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.join on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.altercontext on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.netlogon on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.handles on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.schannel2 on ncacn_ip_tcp with validate(dc) ==
== samba4.rpc.schannel on ncalrpc with bigendian(dc:local) ==
== samba4.rpc.join on ncalrpc with bigendian(dc:local) ==
== samba4.rpc.altercontext on ncalrpc with bigendian(dc:local) ==
== samba4.rpc.netlogon on ncalrpc with bigendian(dc:local) ==
== samba4.rpc.schannel2 on ncalrpc with bigendian(dc:local) ==
== samba4.rpc.schannel on ncacn_np with bigendian(dc) ==
== samba4.rpc.join on ncacn_np with bigendian(dc) ==
== samba4.rpc.altercontext on ncacn_np with bigendian(dc) ==
== samba4.rpc.netlogon on ncacn_np with bigendian(dc) ==
== samba4.rpc.handles on ncacn_np with bigendian(dc) ==
== samba4.rpc.schannel2 on ncacn_np with bigendian(dc) ==
== samba4.rpc.schannel on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.join on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.altercontext on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.netlogon on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.handles on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.schannel2 on ncacn_ip_tcp with bigendian(dc) ==
== samba4.rpc.echo with (dc) ==
== samba4.rpc.unixinfo with (dc) ==
== samba4.rpc.netlogon-s3 with (dc) ==
== samba4.rpc.netlogon.admin with (dc) ==
== samba4.rpc.echo with validate(dc) ==
== samba4.rpc.unixinfo with validate(dc) ==
== samba4.rpc.netlogon-s3 with validate(dc) ==
== samba4.rpc.netlogon.admin with validate(dc) ==
== samba4.rpc.echo with bigendian(dc) ==
== samba4.rpc.unixinfo with bigendian(dc) ==
== samba4.rpc.netlogon-s3 with bigendian(dc) ==
== samba4.rpc.netlogon.admin with bigendian(dc) ==
== samba4.rpc.echo on ncacn_np(dc) ==
== samba4.rpc.echo on ncacn_np with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(dc) ==
== samba4.rpc.echo on ncacn_np(fl2000dc) ==
== samba4.rpc.echo on ncacn_np with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp(fl2000dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2000dc)
==
== samba4.rpc.echo on ncacn_np(fl2003dc) ==
== samba4.rpc.echo on ncacn_np with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp(fl2003dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2003dc)
==
== samba4.rpc.echo on ncacn_np(fl2008r2dc) ==
== samba4.rpc.echo on ncacn_np with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp(fl2008r2dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with connect and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,sign and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with spnego,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with validate and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with padcheck and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_ip_tcp with bigendian,seal and
--option=socket:testnonblock=True --option=torture:quick=yes -k yes(fl2008r2dc)
==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=yes
--option=ntlmssp_client:128bit=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=no
--option=ntlmssp_client:128bit=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=ntlmssp_client:ntlm2=no
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=yes
--option=ntlmssp_client:128bit=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=no
--option=ntlmssp_client:128bit=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=ntlmssp_client:ntlm2=no
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and
--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with sign and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=yes --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:128bit=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:128bit=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=yes --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and
--option=ntlmssp_client:ntlm2=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:keyexchange=no --option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=yes
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_ip_tcp with seal and --option=clientntlmv2auth=yes
--option=ntlmssp_client:128bit=no --option=ntlmssp_client:keyexchange=no
--option=torture:quick=yes(dc) ==
== samba4.rpc.echo on ncacn_np over smb2(dc) ==
== samba4.base.delete(dc) ==
== samba4.base.unlink(dc) ==
== samba4.base.attr(dc) ==
== samba4.base.tcon(dc) ==
== samba4.base.tcondev(dc) ==
== samba4.base.open(dc) ==
== samba4.base.openattr(dc) ==
== samba4.base.chkpath(dc) ==
== samba4.raw.open(dc) ==
== samba4.raw.read(dc) ==
== samba4.raw.write(dc) ==
== samba4.raw.rename(dc) ==
== samba4.raw.qfsinfo(dc) ==
== samba4.raw.qfileinfo(dc) ==
== samba4.raw.close(dc) ==
== samba4.raw.mkdir(dc) ==
== samba4.raw.ioctl(dc) ==
== samba4.raw.seek(dc) ==
== samba4.raw.eas(dc) ==
== samba4.raw.qfileinfo.ipc(dc) ==
== samba4.ntvfs.cifs.base.delete(dc) ==
== samba4.ntvfs.cifs.base.unlink(dc) ==
== samba4.ntvfs.cifs.base.attr(dc) ==
== samba4.ntvfs.cifs.base.tcon(dc) ==
== samba4.ntvfs.cifs.base.tcondev(dc) ==
== samba4.ntvfs.cifs.base.open(dc) ==
== samba4.ntvfs.cifs.base.openattr(dc) ==
== samba4.ntvfs.cifs.base.chkpath(dc) ==
== samba4.drs.unit ==
Using seed 1292388219
ldb: unable to stat module
/Users/williambrown/development/samba-master/source4/bin/modules/ldb/dsdb_cache.dylib
: No such file or directory
ldb: failed to initialise module
/Users/williambrown/development/samba-master/source4/bin/modules/ldb/dsdb_cache.dylib
: Unavailable
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INTERNAL ERROR: Signal 11 in pid 37656 (4.0.0alpha14-GIT-12e49a7)
Please read the file BUGS.txt in the distribution
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
smb_panic(): calling panic action
[/Users/williambrown/development/samba-master/selftest/gdb_backtrace 37656
bin/smbtorture]
gdb_backtrace: Trying to use /usr/bin/gdb on bin/smbtorture on PID 37656
GNU gdb 6.3.50-20050815 (Apple version gdb-1510) (Wed Sep 22 02:45:02 UTC 2010)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared
libraries
.............................................................................
done

/Users/williambrown/development/samba-master/source4/37656: No such file or
directory
Attaching to program:
`/Users/williambrown/development/samba-master/source4/bin/smbtorture', process
37656.
Reading symbols for shared libraries
.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.............................
done
0x00007fff8069bf6e in wait4 ()
#0  0x00007fff8069bf6e in wait4 ()
No symbol table info available.
#1  0x00007fff806b051a in system ()
No symbol table info available.
#2  0x0000000100e083cd in smb_panic (why=0x100e215cf "internal error") at
../../lib/util/fault.c:134
        pidstr = "37656\000\000\000#\024###00\001\000\000\000#\025###
                                                                       
cmdstring =
"/Users/williambrown/development/samba-master/selftest/gdb_backtrace 37656
bin/smbtorture\000\000\020\002\001\000\000\000@\000\000\b\000\000\000\000\022\000\000\000\000\000\000\000#\000\000\000########\001\000\000\000@##_#\000\000\025|###00\001\000\000\000urce4/bi#\024###00\001\000\000\000#\025###00\001\000\000\000db_c",
'\0' <repeats 20 times>, "p##_#\000"
        result = 64
#3  0x0000000100e085e6 in fault_report (sig=Could not find the frame base for
"fault_report".
) at ../../lib/util/fault.c:167
        counter = 0
#4  0x0000000100e08611 in sig_fault (sig=Could not find the frame base for
"sig_fault".
) at ../../lib/util/fault.c:182
No locals.
#5  <signal handler called>
No symbol table info available.
#6  0x00000001008177d3 in ldb_connect (ldb=0x0, url=0x1021e9490
"/Users/williambrown/development/samba-master/source4/st/tmp/smbtorturemPyKxS/drs_.kAyFYP/drs_test.ldb",
flags=0, options=0x0) at ../lib/ldb/common/ldb.c:236
        ret = 1
        url2 = 0x7fff5fbf8be0 "###_#"
#7  0x0000000100123350 in torture_drs_unit_ldb_setup (tctx=0x1021b85f0,
priv=0x1021e74f0) at ../torture/drs/unit/prefixmap_tests.c:778
        ldb_err = 35550448
        ldb_url = 0x1021e9490
"/Users/williambrown/development/samba-master/source4/st/tmp/smbtorturemPyKxS/drs_.kAyFYP/drs_test.ldb"
        bret = true
        mem_ctx = (TALLOC_CTX *) 0x1021e9350
        tempdir = 0x1021e92a0
"/Users/williambrown/development/samba-master/source4/st/tmp/smbtorturemPyKxS/drs_.kAyFYP"
        status = {
  v = 0
}
#8  0x0000000100123833 in torture_drs_unit_prefixmap_setup (tctx=0x1021b85f0,
_priv=0x10216a0c8) at ../torture/drs/unit/prefixmap_tests.c:833
        werr = {
  v = 0
}
        blob = {
  data = 0x102833e50 "#", 
  length = 21
}
        priv = (struct drsut_prefixmap_data *) 0x1021e74f0
#9  0x0000000100e4da88 in torture_run_tcase_restricted (context=0x1021b85f0,
tcase=0x10216a0a0, restricted=0x0) at ../../lib/torture/torture.c:485
        ret = true
        test = (struct torture_test *) 0x0
        setup_succeeded = true
        setup_reason = 0x100e4f290 "Setup failed"
#10 0x0000000100e4d513 in torture_run_suite_restricted (context=0x1021b85f0,
suite=0x102169fc0, restricted=0x0) at ../../lib/torture/torture.c:354
        ret = true
        tcase = (struct torture_tcase *) 0x10216a0a0
        tsuite = (struct torture_suite *) 0x10180be2f
#11 0x0000000100e4d483 in torture_run_suite (context=0x1021b85f0,
suite=0x102169fc0) at ../../lib/torture/torture.c:336
No locals.
#12 0x000000010011d6cd in run_matching (torture=0x1021b85f0, prefix=0x0,
expr=0x7fff5fbf9bc6 "drs.unit", restricted=0x0, suite=0x10211cc60,
matched=0x7fff5fbf8e3e) at ../torture/smbtorture.c:92
        name = 0x1021e7490 "drs.unit"
        ret = true
        o = (struct torture_suite *) 0x102169fc0
        t = (struct torture_tcase *) 0x100e0be9c
        p = (struct torture_test *) 0x7fff5fbf8e00
#13 0x000000010011d941 in torture_run_named_tests (torture=0x1021b85f0,
name=0x7fff5fbf9bc6 "drs.unit", restricted=0x0) at ../torture/smbtorture.c:142
        ret = true
        matched = true
        o = (struct torture_suite *) 0x0
#14 0x000000010011f428 in main (argc=10, argv=0x7fff5fbf94c0) at
../torture/smbtorture.c:715
        opt = -1
        i = 2
        correct = true
        max_runtime = 1200
        argc_new = 3
        torture = (struct torture_context *) 0x1021b85f0
        results = (struct torture_results *) 0x1021b8450
        ui_ops = (const struct torture_ui_ops *) 0x100e50160
        argv_new = (char **) 0x1021091d0
        pc = (poptContext) 0x102108ec0
        status = {
  v = 0
}
        shell = 0
        basedir = 0x10210b730
"/Users/williambrown/development/samba-master/source4/st/tmp"
        outputdir = 0x1021b86f0
"/Users/williambrown/development/samba-master/source4/st/tmp/smbtorturemPyKxS"
        extra_module = 0x0
        num_extra_users = 0
        restricted = (char **) 0x0
        num_restricted = -1
        load_list = 0x0
        long_options = {{
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 4, 
    arg = 0x101c8a200, 
    val = 0, 
    descrip = 0x10045a880 "Help options:", 
    argDescrip = 0x0
  }, {
    longName = 0x10041d924 "format", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x10062d500, 
    val = 0, 
    descrip = 0x10045a890 "Output format (one of: simple, subunit)", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a8b8 "smb-ports", 
    shortName = 112 'p', 
    argInfo = 1, 
    arg = 0x0, 
    val = 1006, 
    descrip = 0x10045a8c2 "SMB ports", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a8cc "basedir", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x7fff5fbf9430, 
    val = 0, 
    descrip = 0x10045a8d4 "base directory", 
    argDescrip = 0x10045a8e3 "BASEDIR"
  }, {
    longName = 0x10045a8eb "seed", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x10062d51c, 
    val = 0, 
    descrip = 0x10045a8f0 "Seed to use for randomizer", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a90b "num-progs", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x0, 
    val = 1008, 
    descrip = 0x10045a915 "num progs", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a91f "num-ops", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x10062d510, 
    val = 0, 
    descrip = 0x10045a927 "num ops", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a92f "entries", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x10062d514, 
    val = 0, 
    descrip = 0x10045a92f "entries", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a937 "loadfile", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x0, 
    val = 1000, 
    descrip = 0x10045a940 "NBench load file to use", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a958 "list-suites", 
    shortName = 0 '\0', 
    argInfo = 0, 
    arg = 0x100630f80, 
    val = 0, 
    descrip = 0x10045a968 "List available testsuites and exit", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a98b "list", 
    shortName = 0 '\0', 
    argInfo = 0, 
    arg = 0x100630f84, 
    val = 0, 
    descrip = 0x10045a990 "List available tests in specified suites and exit", 
    argDescrip = 0x0
  }, {
    longName = 0x1004d9e50 "unclist", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x0, 
    val = 1001, 
    descrip = 0x1004d9e50 "unclist", 
    argDescrip = 0x0
  }, {
    longName = 0x10042c5f0 "timelimit", 
    shortName = 116 't', 
    argInfo = 2, 
    arg = 0x0, 
    val = 1002, 
    descrip = 0x10045a9c4 "Set time limit (in seconds)", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a9e0 "failures", 
    shortName = 102 'f', 
    argInfo = 2, 
    arg = 0x10062d518, 
    val = 0, 
    descrip = 0x10045a9e0 "failures", 
    argDescrip = 0x0
  }, {
    longName = 0x10045a9e9 "parse-dns", 
    shortName = 68 'D', 
    argInfo = 1, 
    arg = 0x0, 
    val = 1003, 
    descrip = 0x10045a9e9 "parse-dns", 
    argDescrip = 0x0
  }, {
    longName = 0x10049bce8 "dangerous", 
    shortName = 88 'X', 
    argInfo = 0, 
    arg = 0x0, 
    val = 1005, 
    descrip = 0x10045a9f8 "run dangerous tests (eg. wiping out password
database)", 
    argDescrip = 0x0
  }, {
    longName = 0x10045aa2f "load-module", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x7fff5fbf9420, 
    val = 0, 
    descrip = 0x10045aa3b "load tests from DSO file", 
    argDescrip = 0x10045aa54 "SOFILE"
  }, {
    longName = 0x10045aa5b "shell", 
    shortName = 0 '\0', 
    argInfo = 0, 
    arg = 0x7fff5fbf946c, 
    val = 1, 
    descrip = 0x10045aa61 "Run shell", 
    argDescrip = 0x0
  }, {
    longName = 0x10045aa6b "target", 
    shortName = 84 'T', 
    argInfo = 1, 
    arg = 0x10062d508, 
    val = 0, 
    descrip = 0x10045aa72 "samba3|samba4|other", 
    argDescrip = 0x0
  }, {
    longName = 0x1004d29b8 "async", 
    shortName = 97 'a', 
    argInfo = 0, 
    arg = 0x0, 
    val = 1007, 
    descrip = 0x10045aa8c "run async tests", 
    argDescrip = 0x0
  }, {
    longName = 0x10045aa9c "num-async", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x10062d520, 
    val = 0, 
    descrip = 0x10045aaa8 "number of simultaneous async requests", 
    argDescrip = 0x0
  }, {
    longName = 0x10045aace "maximum-runtime", 
    shortName = 0 '\0', 
    argInfo = 2, 
    arg = 0x7fff5fbf9480, 
    val = 0, 
    descrip = 0x10045aae0 "set maximum time for smbtorture to live", 
    argDescrip = 0x10045ab08 "seconds"
  }, {
    longName = 0x10045ab10 "extra-user", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x0, 
    val = 1009, 
    descrip = 0x10045ab1b "extra user credentials", 
    argDescrip = 0x0
  }, {
    longName = 0x10045ab32 "load-list", 
    shortName = 0 '\0', 
    argInfo = 1, 
    arg = 0x7fff5fbf9410, 
    val = 0, 
    descrip = 0x10045ab40 "load a test id list from a text file", 
    argDescrip = 0x0
  }, {
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 4, 
    arg = 0x1006306a0, 
    val = 0, 
    descrip = 0x10045ab65 "Common samba options:", 
    argDescrip = 0x0
  }, {
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 4, 
    arg = 0x1006304c0, 
    val = 0, 
    descrip = 0x10045ab7b "Connection options:", 
    argDescrip = 0x0
  }, {
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 4, 
    arg = 0x100630920, 
    val = 0, 
    descrip = 0x10045ab8f "Authentication options:", 
    argDescrip = 0x0
  }, {
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 4, 
    arg = 0x100630860, 
    val = 0, 
    descrip = 0x10045ab65 "Common samba options:", 
    argDescrip = 0x0
  }, {
    longName = 0x0, 
    shortName = 0 '\0', 
    argInfo = 0, 
    arg = 0x0, 
    val = 0, 
    descrip = 0x0, 
    argDescrip = 0x0
  }}
        target = 0x10210cd60 "samba4"
        ui_ops_name = 0x1021062e0 "subunit"
        list_tests = 0
        list_testsuites = 0
No symbol table info available.
smb_panic(): action returned status 0
PANIC: internal error
BACKTRACE: 16 stack frames:
 #0 0   libsamba-util.dylib                 0x0000000100e08210 call_backtrace +
28
 #1 1   libsamba-util.dylib                 0x0000000100e084b2 smb_panic + 501
 #2 2   libsamba-util.dylib                 0x0000000100e085e6 sig_fault + 0
 #3 3   libsamba-util.dylib                 0x0000000100e08611 fault_setup + 0
 #4 4   libSystem.B.dylib                   0x00007fff8067e67a _sigtramp + 26
 #5 5   ???                                 0x00000001021fc080 0x0 + 4330602624
 #6 6   smbtorture                          0x0000000100123350
torture_drs_unit_ldb_setup + 363
 #7 7   smbtorture                          0x0000000100123833
torture_drs_unit_prefixmap_setup + 675
 #8 8   libtorture.dylib                    0x0000000100e4da88
torture_run_tcase_restricted + 142
 #9 9   libtorture.dylib                    0x0000000100e4d513
torture_run_suite_restricted + 139
 #10 10  libtorture.dylib                    0x0000000100e4d483
torture_run_suite + 34
 #11 11  smbtorture                          0x000000010011d6cd run_matching +
183
 #12 12  smbtorture                          0x000000010011d941
torture_run_named_tests + 209
 #13 13  smbtorture                          0x000000010011f428 main + 4449
 #14 14  smbtorture                          0x00000001000037dc start + 52
 #15 15  ???                                 0x000000000000000a 0x0 + 10
command: bin/smbtorture --configfile=$SMB_CONF_PATH
--maximum-runtime=$SELFTEST_MAXTIME --target=$SELFTEST_TARGET
--basedir=$SELFTEST_TMPDIR --option=torture:progress=no --format=subunit
--option=torture:quick=yes $LISTOPT ncalrpc: drs.unit $LOADLIST 2>&1 |
../selftest/filter-subunit $LISTOPT --fail-on-empty --prefix="samba4.drs.unit."
expanded command: bin/smbtorture
--configfile=/Users/williambrown/development/samba-master/source4/st/client/client.conf
--maximum-runtime=1200 --target=samba4
--basedir=/Users/williambrown/development/samba-master/source4/st/tmp
--option=torture:progress=no --format=subunit --option=torture:quick=yes
$LISTOPT ncalrpc: drs.unit $LOADLIST 2>&1 | ../selftest/filter-subunit $LISTOPT
--fail-on-empty --prefix="samba4.drs.unit."
ERROR: Testsuite[samba4.drs.unit]
REASON: Exit code was 1


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.rpc.echo against
member server with local creds(member)
ERROR: Testsuite[samba4.rpc.echo against member server with local
creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.rpc.echo against
member server with domain creds(member)
ERROR: Testsuite[samba4.rpc.echo against member server with domain
creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING RPC PROXY...testsuite: samba4.rpc.echo against
rpc proxy with domain creds(rpc_proxy)
ERROR: Testsuite[samba4.rpc.echo against rpc proxy with domain
creds(rpc_proxy)]
REASON: unable to set up environment rpc_proxy - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no --signing=on(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --signing=on(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no
--signing=required(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --signing=required(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no
--option=usespnego=no --signing=on(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=usespnego=no
--signing=on(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no
--option=usespnego=no --signing=required(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=usespnego=no
--signing=required(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no
--option=gensec:spengo=no --signing=on(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=gensec:spengo=no
--signing=on(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k no
--option=gensec:spengo=no --signing=required(dc)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=gensec:spengo=no
--signing=required(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k yes --signing=on(dc)
ERROR: Testsuite[samba4.smb.signing on with -k yes --signing=on(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k yes
--signing=required(dc)
ERROR: Testsuite[samba4.smb.signing on with -k yes --signing=required(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k yes
--option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=on(dc)
ERROR: Testsuite[samba4.smb.signing on with -k yes
--option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=on(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing on with -k yes
--option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=required(dc)
ERROR: Testsuite[samba4.smb.signing on with -k yes
--option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=required(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --signing=off domain-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --signing=off
domain-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --option=usespnego=no --signing=off domain-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=usespnego=no
--signing=off domain-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --option=gensec:spengo=no --signing=off domain-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=gensec:spengo=no
--signing=off domain-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k yes --signing=off domain-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k yes --signing=off
domain-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k yes --option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=off domain-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k yes
--option=gensec:fake_gssapi_krb5=yes --option=gensec:gssapi_krb5=no
--signing=off domain-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --signing=off local-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --signing=off
local-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --option=usespnego=no --signing=off local-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=usespnego=no
--signing=off local-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing on with
-k no --option=gensec:spengo=no --signing=off local-creds(member)
ERROR: Testsuite[samba4.smb.signing on with -k no --option=gensec:spengo=no
--signing=off local-creds(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...testsuite: samba4.smb.signing --signing=yes anon(dc)
ERROR: Testsuite[samba4.smb.signing --signing=yes anon(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...testsuite: samba4.smb.signing --signing=required anon(dc)
ERROR: Testsuite[samba4.smb.signing --signing=required anon(dc)]
REASON: unable to set up environment dc - exiting


PROVISIONING DC...PROVISIONING MEMBER...testsuite: samba4.smb.signing
--signing=no anon(member)
ERROR: Testsuite[samba4.smb.signing --signing=no anon(member)]
REASON: unable to set up environment member - exiting


PROVISIONING DC...PROVISIONING RODC...testsuite: samba4.rpc.echo(rodc)
ERROR: Testsuite[samba4.rpc.echo(rodc)]
REASON: unable to set up environment rodc - exiting





== samba4.rpc.echo against member server with local creds(member) ==
== samba4.rpc.echo against member server with domain creds(member) ==
== samba4.rpc.echo against rpc proxy with domain creds(rpc_proxy) ==
== samba4.smb.signing on with -k no --signing=on(dc) ==
== samba4.smb.signing on with -k no --signing=required(dc) ==
== samba4.smb.signing on with -k no --option=usespnego=no --signing=on(dc) ==
== samba4.smb.signing on with -k no --option=usespnego=no
--signing=required(dc) ==
== samba4.smb.signing on with -k no --option=gensec:spengo=no --signing=on(dc)
==
== samba4.smb.signing on with -k no --option=gensec:spengo=no
--signing=required(dc) ==
== samba4.smb.signing on with -k yes --signing=on(dc) ==
== samba4.smb.signing on with -k yes --signing=required(dc) ==
== samba4.smb.signing on with -k yes --option=gensec:fake_gssapi_krb5=yes
--option=gensec:gssapi_krb5=no --signing=on(dc) ==
== samba4.smb.signing on with -k yes --option=gensec:fake_gssapi_krb5=yes
--option=gensec:gssapi_krb5=no --signing=required(dc) ==
== samba4.smb.signing on with -k no --signing=off domain-creds(member) ==
== samba4.smb.signing on with -k no --option=usespnego=no --signing=off
domain-creds(member) ==
== samba4.smb.signing on with -k no --option=gensec:spengo=no --signing=off
domain-creds(member) ==
== samba4.smb.signing on with -k yes --signing=off domain-creds(member) ==
== samba4.smb.signing on with -k yes --option=gensec:fake_gssapi_krb5=yes
--option=gensec:gssapi_krb5=no --signing=off domain-creds(member) ==
== samba4.smb.signing on with -k no --signing=off local-creds(member) ==
== samba4.smb.signing on with -k no --option=usespnego=no --signing=off
local-creds(member) ==
== samba4.smb.signing on with -k no --option=gensec:spengo=no --signing=off
local-creds(member) ==
== samba4.smb.signing --signing=yes anon(dc) ==
== samba4.smb.signing --signing=required anon(dc) ==
== samba4.smb.signing --signing=no anon(member) ==
== samba4.rpc.echo(rodc) ==

= Skipped tests =
UNKNOWN
        samba4.ntvfs.cifs.raw.open(dc)
        samba4.ntvfs.cifs.raw.read(dc)
        samba4.ntvfs.cifs.raw.write(dc)
        samba4.ntvfs.cifs.raw.rename(dc)
        samba4.ntvfs.cifs.raw.qfsinfo(dc)
        samba4.ntvfs.cifs.raw.qfileinfo(dc)
        samba4.ntvfs.cifs.raw.close(dc)
        samba4.ntvfs.cifs.raw.mkdir(dc)
        samba4.ntvfs.cifs.raw.ioctl(dc)
        samba4.ntvfs.cifs.raw.seek(dc)
        samba4.ntvfs.cifs.raw.eas(dc)

------- Comment #1 From Matthias Dieter Wallnöfer 2010-12-18 04:32:57 CST -------
Is this still reproducible? Since such errors often get fixed quickly.

------- Comment #2 From William E Brown 2010-12-18 20:29:29 CST -------
(In reply to comment #1)
> Is this still reproducible? Since such errors often get fixed quickly.
> 

Yes it is

git ref 716ea734e4cd83a2030ca2cac10056bdaab1a021

Shows the exact same errors on make quicktest.

------- Comment #3 From bradleysaulteaux 2011-02-05 08:06:00 CST -------
Which python version are you using?  The segmentation faults stopped happening
for me when I used python27 from MacPorts.

Bug 7901 - smbd restart now gave "KDC has no support for encryption type", after we upgrade PDC from Win2k3 to Win2k8
Bug#: 7901 Product:  Samba 3.5 Version: 3.5.6 Platform: x64
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: a.zhao@gtisoft.com QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: smbd restart now gave "KDC has no support for encryption type", after we upgrade PDC from Win2k3 to Win2k8
Keywords:  
Opened: 2011-01-04 15:07 CST
Description:   Opened: 2011-01-04 15:07 CST
We have been using samba 3.4/solaris10/x64 authenticated against Win2K3 R2 for
more than a year. Ever since we upgrade all our AD server from Win2K3 R2 to
Win2K8 R2, and then restart the samba daemon, the share access from Windows
client starts to prompt for password, and all the krb5 setting are not working.
Eventually, we find a temporary work around: configure a Win2K3 R2 server as AD
replica server in our 2008 domain, and use the `net ads join` toward the
Win2K3! Currently, I am not using the sunfreeware.org's 3.4.2 binary anymore,
just compile it myself using the stable 3.5.6 source tree.

1) krb5.conf
-bash-3.00# cat /etc/krb5/krb5.conf
[libdefaults]
        default_realm = GTISOFT.COM
        default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
        default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc

[realms]
        GTISOFT.COM = {
        kdc = gamma-master.gtisoft.com
        admin_server = gamma-master.gtisoft.com
        default_domain = gtisoft.com
        }

[domain_realm]
        gtisoft.com = GTISOFT.COM
        .gtisoft.com = GTISOFT.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used# frequently.
        period = 1d


# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
        version = 10
}
[appdefaults]
        kinit = {
        renewable = true
        forwardable= true
        }
        gkadmin = {
        help_url = http://docs.sun.com/app/docs/doc/816-4557/6maosrjk8?a=view
        }

2) Global setting of smb.conf

-bash-3.00# cat /usr/local/samba/lib/smb.conf
# Samba config file created using SWAT
# from UNKNOWN (192.168.100.68)
# Date: 2011/01/04 11:37:36

[global]
        workgroup = GTISOFT
        realm = GTISOFT.COM
        server string = Gamma File Server
        security = ADS
        password server = wolfgang
        username map = /usr/local/samba/lib/smbusers
        kerberos method = system keytab
        wins server = wolfgang
        ldap ssl = no
        ldap debug level = 1
        create krb5 conf = No
        dos filemode = Yes

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        create mask = 0644
        browseable = No

3) Using krb5.keytab created by `net ads join`

   * the `net ads join` to targeting the only W2K3 AD server, the samba will
function ok

   * if the `net ads join` is targeting any of teh W2K8 AD server(s), the smbd
restart will show in syslog:
[2011/01/04 11:37:12,  0] smbd/server.c:1119(main)
  smbd version 3.5.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/01/04 11:37:12.271311,  0] libads/kerberos.c:333(ads_kinit_password)
  kerberos_kinit_password BERNSTEIN$@GTISOFT.COM failed: KDC has no support
forencryption type
[2011/01/04 11:37:12.271534,  0] printing/nt_printing.c:629(nt_printing_init)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

and browsing from Windows client will show following error:

[2011/01/04 15:05:19.404262,  1] smbd/sesssetup.c:332(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

What is strange about this is: the kerberos setting is tested with kinit and
klist ok.

------- Comment #1 From Allen Zhao 2011-01-04 15:30:51 CST -------
Some other related observations:

1) Sun's own sshd depends on /etc/krb5/krb5.keytab for Kerberos 5 auth on
Solaris 10, and samba is using /etc/krb5.keytab (it will be updated whenever
`net ads join` is run and reset the servicePrincipal's keys.

2) Everytime `net ads join` is used, the krb5 keys will be forced to change.
This is different from the ktpass.exe behavior on Win2K8: ktpass.exe, when run
multiple times, does not change keys. ktpass.exe will change keys only when and
after `net ads join` is run. This seems to indicate some issues with keys
compatibility issues (have more later on this).

3) Right after `net ads join` is executed, user ssh access will not work
anymore (obvious because net changes key on the server side).

3) If I use ktpass.exe to create keys for HOST/fqdn@GTISOFT.COM,
HOST/hostname@GTISOFT.COM and hostname$@GTISOFT.COM (basically mimicing key
structures generated by `net ads join`) and then use ktutil to combine all the
principal keys to a single krb5.keytab (only keep the DES-CBC-CRC/DES-CBC-MD5
keys), the ssh user access can be fixed, but the same krb5.keytab will fail the
samba restart as reported earlier (KDC has no support for encryption type).

4) If I use `net ads join` to create /etc/krb5.keytab, surely it will break
Sun's sshd auth, but smbd restart will have no error anymore, though the
Windows client browse will still prompt for password (only if the `net ads
join` is run targeting a Win2K8 server).

I know all these reports are confusing, but am I missing something here?

------- Comment #2 From Andrew Bartlett 2011-01-10 20:11:45 CST -------
The issue here is DES encryption in Kerberos.   This old and insecure
encryption type is being phased out. 

Is the 'use DES key only' set on your machine account?  A bug causing this to
be set when not required was fixed for 3.6.

Also, remove the default_tkt_enctypes line from your krb5.conf, as this is
forcing you to use DES when Windows 2008 has banned it's use as insecure. 

------- Comment #3 From Andrew Bartlett 2011-01-11 16:24:16 CST -------
Reducing severity as you have a workaround and this appears to be either a
client configuration issue, or an issue with the specific kerberos libraries on
this system. 

Bug 7924 - SID does not match trust
Bug#: 7924 Product:  Samba 4.0 Version: unspecified Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: abartlet@samba.org Reported By: gohmann@univention.de QA Contact: samba4-qa@samba.org
Component: AD: LDB/DSDB/SAMDB Target Milestone: ---
URL: 
Summary: SID does not match trust
Keywords:  
Opened: 2011-01-18 00:16 CST
Description:   Opened: 2011-01-18 00:16 CST
The join of a windows 2003 server to the samba 4 domain was successful. After
the windows reboot I can't login as user because I got a message "The name or
security ID (SID) of the domain specified is inconsistent with the trust
information for that domain". See here for a screen shot:
http://marc.info/?l=samba-technical&m=129195770806953&q=p5

With Windows 7 everything works fine.

I'm using Samba 4 Alpha 14.

Mails on Samba technical:
http://marc.info/?t=129195775700001&r=1&w=2

------- Comment #1 From Stefan Gohmann 2011-01-18 00:17:27 CST -------
Created an attachment (id=6210) [details]
ldbsearch_base.ldif

ldbsearch output of the ldab base

------- Comment #2 From Stefan Gohmann 2011-01-18 00:18:07 CST -------
Created an attachment (id=6211) [details]
ldbsearch_w2k3server.ldif

ldbsearch output of the windows 2003 server ldap object

------- Comment #3 From Stefan Gohmann 2011-01-18 00:18:52 CST -------
Created an attachment (id=6212) [details]
ldbsearch_windows7.ldif

ldbsearch output of the windows 7 ldap object

------- Comment #4 From Stefan Gohmann 2011-01-18 00:19:30 CST -------
Created an attachment (id=6213) [details]
w2k3server_logon.pcap.gz

tcpdump of the windows 2003 logon

------- Comment #5 From Stefan Gohmann 2011-01-18 00:20:16 CST -------
Created an attachment (id=6214) [details]
w2k3server_logon.samba.log.gz

samba log of the windows 2003 logon

------- Comment #6 From Stefan Gohmann 2011-01-18 00:20:44 CST -------
Created an attachment (id=6215) [details]
windows7_logon.pcap.gz

tcpdump of the windows 7 logon

------- Comment #7 From Stefan Gohmann 2011-01-18 00:21:20 CST -------
Created an attachment (id=6216) [details]
windows7_logon.samba.log.gz

samba log of the windows 7 logon

------- Comment #8 From Jonn Taylor 2011-01-22 11:10:38 CST -------
I am also getting this same bug. Tested on all versions of windows 2003. Git
version 4.0.0alpha15-GIT-6ee39a2 seems to have the same bug. This get version
does not have the bug. Version 4.0.0alpha14-GIT-ec33a87.

------- Comment #9 From Matthias Dieter Wallnöfer 2011-01-22 12:24:52 CST -------
If I get this correctly, you are speaking about a trust scenario. Domain trusts
are a still unsupported feature. So a fix from our side is not likely to be
provided soon.
But you could help us writing a patch. This would be highly appreciated.

------- Comment #10 From Stefan Gohmann 2011-01-22 12:45:36 CST -------
(In reply to comment #9)
> If I get this correctly, you are speaking about a trust scenario. Domain trusts
> are a still unsupported feature.

I've joined my windows 2003 server into the samba 4 domain and the windows 2003
server has not installed AD. It is not a trust scenario.

------- Comment #11 From Matthias Dieter Wallnöfer 2011-01-22 12:55:21 CST -------
Ah sorry, you mean the machine trust account - I've misinterpreted the title.
Probably we should wait for a statement by abartlet.

(In reply to comment #10)
> (In reply to comment #9)
> > If I get this correctly, you are speaking about a trust scenario. Domain trusts
> > are a still unsupported feature.
> 
> I've joined my windows 2003 server into the samba 4 domain and the windows 2003
> server has not installed AD. It is not a trust scenario.
> 

------- Comment #12 From Jonn Taylor 2011-01-22 20:31:52 CST -------
Found this when running interactive.

Starting GENSEC mechanism schannel
Could not find session key for attempted schannel connection from
TEST-93341044D0: NT_STATUS_OBJECT_NAME_NOT_FOUND
GENSEC mech rejected the incoming authentication at bind_ack:
NT_STATUS_OBJECT_NAME_NOT_FOUND
Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

Bug 3564 - smbget have reversed exit status codes.
Bug#: 3564 Product:  Samba 3.0 Version: 3.0.21c Platform: Other
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: amit@samba.org Reported By: m.boyarov@sam-solutions.net QA Contact: samba-qa@samba.org
Component: Client Tools Target Milestone: none
URL: 
Summary: smbget have reversed exit status codes.
Keywords:  
Opened: 2006-02-28 13:05 CST
Description:   Opened: 2006-02-28 13:05 CST
All error exit with 0 , for sample in smb_download_file, all success states is
return 1, but main and readrcfile and clean_exit return 0 as success.

for sample:

$ smbget -N smb://unk/none && echo "downloaded ok." || echo "Fail to download."
Downloaded 0b in 0 seconds
downloaded ok.

------- Comment #1 From Amit Regmi 2006-04-27 07:44:00 CST -------
Created an attachment (id=1880) [details]
With this patch smbget would return 0 on every INCOMPLETE download and would
return 1 on a SUCCESSFUL download 

The following test cases would certainly clarify the output the Reporter must
have got which made him file the bug 

=================================================================================

$ ./main.exe false && echo "   success" || echo "   failure"
 false   success             ( when the program returns 0 )

$ ./main.exe true && echo "   success" || echo "   failure"
 true   failure        ( when the program returns 1 )

$ cat main.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc , char *argv[])
{
        if (strcmp(argv[1] , "true") == 0 )  {
                printf("\n true");
                return 1;
        }
        else{
                printf("\n false");
                return 0;
        }
}

$ true && echo "   success" || echo "   failure"
   success

$ false && echo "   success" || echo "   failure"
   failure

------- Comment #2 From Amit Regmi 2006-04-27 07:55:48 CST -------
Created an attachment (id=1881) [details]
With this patch smbget would return 0 on every INCOMPLETE download and would
return 1 on a SUCCESSFUL download 

The following test cases would certainly clarify the output the Max must have
got which made him file the bug 

=================================================================================

$ ./main.exe false && echo "   success" || echo "   failure"
 false   success             ( when the program returns 0 )

$ ./main.exe true && echo "   success" || echo "   failure"
 true   failure        ( when the program returns 1 )

$ cat main.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc , char *argv[])
{
        if (strcmp(argv[1] , "true") == 0 )  {
                printf("\n true");
                return 1;
        }
        else{
                printf("\n false");
                return 0;
        }
}

$ true && echo "   success" || echo "   failure"
   success

$ false && echo "   success" || echo "   failure"
   failure

Bug 3504 - Allow SSL support when build with Solaris ldap library
Bug#: 3504 Product:  Samba 3.2 Version: 3.2.0 Platform: Other
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: tiamat@komi.mts.ru QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Allow SSL support when build with Solaris ldap library
Keywords:  
Opened: 2006-02-13 00:25 CST
Description:   Opened: 2006-02-13 00:25 CST
Please see BUG #3196 (Build samba with Solaris ldap library).

Proposed patch for Samba-3.0.21b. Add some features:

 * Allow SSL support when build with Solaris ldap library
 * Remove smb.conf parameter 'ldap timeout' 
 * New smb.conf parameter 'ldap operation timeout'.
   It replace old parameter 'ldap timeout' and also used for set up
   LDAP_OPT_TIMELIMIT.
 * New smb.conf parameter 'ldap connection timeout'. 
   Used for set up LDAP_X_OPT_CONNECT_TIMEOUT.

Tested with Solaris 9/04 + Sun One Directory Server 5.2.

Quck howto for Solaris ldap library ssl client:

# cd /usr/local/etc/samba
# certutil -N -d .
# certutil -A -n "MTS Komi Ca" -t "CT,," -d . -a -i ca.crt
# certutil -L -d .

Certificate Name                                             Trust Attributes

MTS Komi Ca                                                  CT,,

p    Valid peer
P    Trusted peer (implies p)
c    Valid CA
T    Trusted CA to issue client certs (implies c)
C    Trusted CA to certs(only server certs for ssl) (implies c)
u    User cert
w    Send warning

# ./testparm -v|grep ldap
...
Server role: ROLE_DOMAIN_PDC
...
        passdb backend = "ldapsam:ldaps://sandra.komi.mts.ru
simona.komi.mts.ru"
        ldap admin dn = cn=samba,dc=komi,dc=mts,dc=ru
        ldap cert db = /usr/local/etc/samba/cert7.db
        ldap suffix = dc=komi,dc=nw,dc=mts,dc=ru
        ldap connection timeout = 1
        ldap operation timeout = 15

Hint for passdb backend:
 * for OpenLDAP library:
 passdb backend = "ldapsam:ldaps://server1 ldaps://server2"

 * for Solaris library:
 passdb backend = "ldapsam:ldaps://server1 server2"

# ./pdbedit -d 3 -v tiamat
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/usr/local/etc/samba/smb.conf"
Processing section "[global]"
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))]
Successfully setup ldapssl session with sandra.komi.mts.ru
simona.komi.mts.ru:636
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=KOMI))]
Successfully setup ldapssl session with sandra.komi.mts.ru
simona.komi.mts.ru:636
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
init_sam_from_ldap: Entry found for user: tiamat
Unix username:        tiamat
NT username:          tiamat
Account Flags:        [U          ]
User SID:             S-1-5-21-1234567890-1234567890-1234567890-4008
Primary Group SID:    S-1-5-21-1234567890-1234567890-1234567890-513
Full Name:            &#1044;&#1077;&#1081;&#1090;&#1077;&#1088;
&#1040;&#1083;&#1077;&#1082;&#1089;&#1072;&#1085;&#1076;&#1088;
&#1042;&#1072;&#1083;&#1077;&#1088;&#1080;&#1077;&#1074;&#1080;&#1095;
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain:               KOMI
Account desc:         &#1042;&#1077;&#1076;&#1091;&#1097;&#1080;&#1081;
&#1089;&#1087;&#1077;&#1094;&#1080;&#1072;&#1083;&#1080;&#1089;&#1090;
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Sun, 04 Dec 0468 18:30:07 MSK
Kickoff time:         Sun, 04 Dec 0468 18:30:07 MSK
Password last set:    Mon, 12 Dec 2005 09:01:54 MSK
Password can change:  Mon, 12 Dec 2005 09:01:54 MSK
Password must change: Mon, 06 Mar 2006 09:01:54 MSK
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Directory server access log:
[12/Feb/2006:16:38:50 +0300] conn=2022 op=-1 msgId=-1 - fd=42 slot=42 LDAPS
connection from 10.50.1.4 to 10.50.1.7
[12/Feb/2006:16:38:50 +0300] conn=2022 op=-1 msgId=-1 - SSL 128-bit RC4
[12/Feb/2006:16:38:50 +0300] conn=2022 op=0 msgId=1 - BIND
dn="cn=samba,dc=komi,dc=mts,dc=ru" method=128 version=3

Thanks s lot!

------- Comment #1 From Alex Deiter 2006-02-13 00:29:53 CST -------
Created an attachment (id=1724) [details]
Allow SSL support when build with Solaris ldap library

Patch for Samba-3.0.21b

------- Comment #2 From Alex Deiter 2006-04-04 07:53:05 CST -------
Created an attachment (id=1841) [details]
Patch for Samba-3.0.22

Patch for Samba-3.0.22

------- Comment #3 From Alex Deiter 2006-10-12 23:31:55 CST -------
Created an attachment (id=2182) [details]
Patch for Samba-3.0.23c

Patch for Samba-3.0.23c

------- Comment #4 From Björn Jacke 2007-08-23 04:17:18 CST -------
*** Bug 4758 has been marked as a duplicate of this bug. ***

------- Comment #5 From Björn Jacke 2008-04-21 09:55:58 CST -------
Created an attachment (id=3267) [details]
git patch for today's  3_2_test

the attached patch is a port of this Netscape LDAP SSL patch to 3.2 and it also
introduces support for OpenLDAP's equivalent of Netscape's
LDAP_X_OPT_CONNECT_TIMEOUT, which OpenLDAP calls LDAP_OPT_NETWORK_TIMEOUT.

This patch introduces now the two more fine grained parameters:

ldap connection timeout (defaults to 2 seconds)

ldap operation timeout (defaults to 15 seconds, like ldap timeout in previous
versions)

"ldap timeout" is being removed accordingly.

------- Comment #6 From David Markey 2008-04-28 09:50:28 CST -------
(In reply to comment #4)
> *** Bug 4758 has been marked as a duplicate of this bug. ***
> 

Trying to patch 3.0.28a i get the following errors and it wont compile
subsequently. 

Anyone got an update?


bash-3.00# gpatch -p0  < patch2
patching file source/configure.in
Hunk #1 succeeded at 3263 (offset 79 lines).
patching file source/include/config.h.in
Hunk #1 succeeded at 905 (offset 101 lines).
patching file source/include/smbldap.h
Hunk #1 succeeded at 220 (offset 4 lines).
patching file source/lib/smbldap.c
Hunk #2 succeeded at 627 (offset -2 lines).
Hunk #3 succeeded at 1211 (offset 5 lines).
Hunk #4 succeeded at 1241 (offset -2 lines).
Hunk #5 succeeded at 1260 (offset 5 lines).
Hunk #6 succeeded at 1401 (offset 9 lines).
Hunk #7 succeeded at 1440 (offset 16 lines).
Hunk #8 succeeded at 1476 (offset 20 lines).
Hunk #9 succeeded at 1517 (offset 27 lines).
patching file source/libads/ldap.c
Hunk #1 succeeded at 92 (offset 6 lines).
Hunk #2 succeeded at 422 (offset 98 lines).
patching file source/nsswitch/winbindd_rpc.c
Hunk #1 succeeded at 755 (offset 78 lines).
patching file source/param/loadparm.c
Hunk #1 FAILED at 234.
Hunk #2 succeeded at 1184 (offset 20 lines).
Hunk #4 succeeded at 1599 with fuzz 1 (offset 28 lines).
Hunk #5 succeeded at 1903 with fuzz 2 (offset 62 lines).
1 out of 5 hunks FAILED -- saving rejects to file source/param/loadparm.c.rej
patching file source/libads/cldap.c
Hunk #1 FAILED at 193.
1 out of 1 hunk FAILED -- saving rejects to file source/libads/cldap.c.rej

------- Comment #7 From David Markey 2008-04-28 12:58:29 CST -------
I've also tried pam_smbpass from Samba-3.0.23c but it doesnt want to work with
or without SSL. Looks like i'll need the new version with a new patch.

------- Comment #8 From David Markey 2008-04-28 13:39:35 CST -------
Also could someone give an example of creating a self signed certificate + db
and how to configure samba to not require a client certificate at all..(which
should be possible)

------- Comment #9 From Karolin Seeger 2008-06-06 02:26:59 CST -------
Björn, could you please extract the SSL support portion from your patch and
attach it as a new patch?

The other part already went into v3-2 as 'ldap connection timeout' meanwhile.

Thanks a lot!

------- Comment #10 From Björn Jacke 2009-01-28 04:28:54 CST -------
as long as opensolaris doesn't survive 10 minutes of work in my test
environment's vmware I can't do anything here.

------- Comment #11 From David Markey 2009-06-08 19:37:25 CST -------
Maybe opensolaris will ship openldap libs soon?

Bug 5525 - samba locks up if cups server is unresponsive
Bug#: 5525 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: vorlon@debian.org QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL:  http://bugs.debian.org/479512
Summary: samba locks up if cups server is unresponsive
Keywords:  
Opened: 2008-06-08 01:44 CST
Description:   Opened: 2008-06-08 01:44 CST
If samba is configured for cups printing and the local cups printer is
unresponsive, then smbd hangs even if 'load printers' is disabled.  This is
because reload_printers() unconditionally reloads the printcap cache, even when
there's no chance that this will result in printer shares being defined.

samba should be made more robust against problems with the cups server in cases
where printers aren't even being exported by samba.

------- Comment #1 From Steve Langasek 2008-06-08 01:50:39 CST -------
Created an attachment (id=3339) [details]
patch to avoid talking to CUPS when not configured to load printers

Here is a patch that I believe should prevent unnecessarily contacting the CUPS
server when printers are not being shared.

------- Comment #2 From Serge Bohdjalian 2008-12-05 10:12:57 CST -------
With my system, Samba 3.0.28 AND 3.2.5 locked/hanged if CUPS was unresponsive.
However, adding the following line to "smb.conf" prevented a lock/hang:

printcap = /etc/printcap

(My "printcap" file has only commented lines.) Even though there's a work
around, presumably Samba should be more robust. While I believe CUPS support is
usually present on Linux systems, this isn't the case on my VPS system. 

------- Comment #3 From Karolin Seeger 2009-06-06 08:06:56 CST -------
Does the "cups connection timeout" help to solve that problem?

------- Comment #4 From Karolin Seeger 2009-06-06 08:07:32 CST -------
Günther, what do you think about this patch?

------- Comment #5 From Karolin Seeger 2009-06-06 08:23:04 CST -------
This one has been fixed in 3.3.0 and newer with the "cups connection timeout
(defaults to 60 seconds).

Closing out bug report.

Thanks for reporting!

------- Comment #6 From Björn Jacke 2009-06-06 13:09:59 CST -------
I like the idea that printer reloads are not being done when no printers are
being used for sure. Currently printcap reload is being done by all client smbd
processes; and via cups calls this is something which puts a cups server on
high load. I'll reopen and assing this bug to myself to have a reminder to have
a look at this.

------- Comment #7 From Steve Langasek 2009-06-06 17:03:31 CST -------
thanks, Björn; I agree, replacing an indefinite hang with a one-minute timeout
isn't a very satisfactory fix for this, in cases that we know we're not
supposed to be talking to the cups server anyway.

Bug 5670 - [PATCH] Packaging script fix for Solaris 10
Bug#: 5670 Product:  Samba 3.2 Version: 3.2.0 Platform: All
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: mludvig@logix.net.nz QA Contact: samba-qa@samba.org
Component: Packaging Target Milestone: ---
URL: 
Summary: [PATCH] Packaging script fix for Solaris 10
Keywords:  
Opened: 2008-08-05 07:22 CST
Description:   Opened: 2008-08-05 07:22 CST
On Solaris 10, both x86 and Sparc, the script provided in
samba-3.2.0/packaging/Solaris doesn't work correctly and the README needs some
fixes as well. 

Attached patch fixes the build script to work on default Solaris 10
installation. Please apply.

------- Comment #1 From Michal Ludvig 2008-08-05 07:23:33 CST -------
Created an attachment (id=3454) [details]
Proposed patch

Bug 6448 - printcap reload too inefficient
Bug#: 6448 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: bj@sernet.de QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: printcap reload too inefficient
Keywords:  
Opened: 2009-06-06 13:32 CST
Description:   Opened: 2009-06-06 13:32 CST
currently printcap reload is being done by every clients' smbd on its own.

printcap reload isn't expensive when printcap is a file but it is quite
expensive when printcap = cups is set. With 100 connected clients or more
printcap reload is putting too much load on the CUPS server. Even a high
printcap timeout does not help because printcap is being reloaded immediately
when smbd gets a HUP signal or then smb.conf was rewritten.

As a fix the printcap reload should probably be done by the forked smbd which
currently also handles print queue polling.

------- Comment #1 From Björn Jacke 2009-10-15 18:21:55 CST -------
Jeremy, you took the bug. Any news on this?

------- Comment #2 From Jeremy Allison 2009-10-15 19:31:28 CST -------
Errr, no sorry. This is a little tricky to do, as any change in the printer
list would need to be passed back to the smbd's so they can update any dynamic
shares.

Jeremy.

------- Comment #3 From Karolin Seeger 2010-01-25 08:21:08 CST -------
Too late for enhancements for 3.5. Raising version.

------- Comment #4 From Björn Jacke 2010-09-15 11:39:38 CST -------
simo, I think you just fixed this with the aproach of the tdb cache, right?

------- Comment #5 From Jeremy Allison 2010-09-15 11:42:59 CST -------
Not in 3.6.0 - code is still only in master, so currently targetted for 4.0.0
only.
Jeremy.

------- Comment #6 From Björn Jacke 2010-09-15 15:51:15 CST -------
reassign to me.

Note: lp_printcap_timeout needs to be used ...

Bug 6835 - configure fails when "--enable-merged-build" is set
Bug#: 6835 Product:  Samba 3.4 Version: unspecified Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: khaled.blah@marasystems.de QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: configure fails when "--enable-merged-build" is set
Keywords:  
Opened: 2009-10-21 07:19 CST
Description:   Opened: 2009-10-21 07:19 CST
I have tried Samba 3.4.2, 3.4.1 and "latest" (which appearantly is not equal to
3.4.2) and wanted to enable the Samba 4 sources. However, doing so leads to
this error message:

build/smb_build/main.pl: can't open '../lib/tevent/python.mk' at
build/smb_build/config_mk.pm line 173.

The error message can be avoided by taking out one line from the samba.m4 file
which refers to a file which is not there (hence the error message):

sed -i "s/SMB_INCLUDE_MK(\.\.\/lib\/tevent\/python\.mk)//g" samba4.m4

I don't think this will affect the building but I could be wrong of course.

I am sure that is not intented to happen so I'm reporting this as a bug.

------- Comment #1 From Volker Lendecke 2009-10-21 07:37:01 CST -------
Sorry, this is not a blocker. The merged build is not a supported feature yet.

Volker

Bug 6953 - 'talloc_free' undeclared in source4/librpc/rpc/dcerpc_smb.c when configured using --without-talloc --enable-merged-build
Bug#: 6953 Product:  Samba 3.4 Version: 3.4.3 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: samba@tk-webart.de QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: 'talloc_free' undeclared in source4/librpc/rpc/dcerpc_smb.c when configured using --without-talloc --enable-merged-build
Keywords:  
Opened: 2009-12-02 06:59 CST
Description:   Opened: 2009-12-02 06:59 CST
After applying the modifications explained in Bug #6952, I run into the
following error:

Compiling
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb2.c
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.c:
In function 'smb_shutdown_pipe':
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.c:381:
error: 'talloc_free' undeclared (first use in this function)
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.c:381:
error: (Each undeclared identifier is reported only once
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.c:381:
error: for each function it appears in.)
The following command failed:
x86_64-pc-linux-gnu-gcc
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I..
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/../lib/replace
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hcrypto
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/../lib/talloc/python
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/include
-D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I./../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi/gssapi
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi/spnego
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi/krb5
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi/mech
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal_build
-I./../source4/heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/roken
-I./../source4/heimdal/lib/roken
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/gssapi
-I/usr/include -I/usr/include -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-D_GNU_SOURCE  -Iinclude -I./include  -I. -I. -I./../lib/replace  
-I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./..
-I./../lib/popt -I/usr/include -DLDAP_DEPRECATED -I/usr/include -I/usr/include
-march=nocona -Os -mfpmath=sse -msse3 -pipe   
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hdb
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hdb
   
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/ldb_tdb
 
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/ldb/include
     
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/krb5
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/com_err
 
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hx509
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hx509
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hx509
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hcrypto
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/hcrypto/imath
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/wind
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/asn1
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/com_err
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/../heimdal_build
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/heimdal/lib/roken
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/../lib/socket_wrapper
 
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/lib/events
-I./../source4/lib/events
-I/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/../lib/tevent
  -I../lib/replace   -I/usr/include -I/usr/include -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE  -Iinclude -I./include  -I. -I.
-I./../lib/replace   -I./../lib/tevent -I./../lib/tdb/include -I./libaddns
-I./librpc -I./.. -I./../lib/popt -I/usr/include -DLDAP_DEPRECATED
-I/usr/include -I/usr/include -march=nocona -Os -mfpmath=sse -msse3 -pipe      
 -fPIC -c
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.c
-o
/var/tmp/portage/net-fs/samba-server-3.4.3-r2/work/samba-3.4.3/source3/../source4/librpc/rpc/dcerpc_smb.o


Apparently, talloc_free moves to _talloc_free for standalone talloc. How can we
detect/fix this?

Bug 6954 - ../source4/version.h is not created for configure --enable-merged-build
Bug#: 6954 Product:  Samba 3.4 Version: 3.4.3 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: samba@tk-webart.de QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: ../source4/version.h is not created for configure --enable-merged-build
Keywords:  
Opened: 2009-12-02 07:05 CST
Description:   Opened: 2009-12-02 07:05 CST
After running
configure --enable-merged-build

source4/version.h

isn't created, nor is there a target in any of the source3 Makefiles to do so.
The version.h is needed for the source4-parts of the merged build to compile.

------- Comment #1 From Torsten Kurbad 2009-12-02 07:09:00 CST -------
Created an attachment (id=5042) [details]
samba-3.4.3-version.h.patch

The attached patch creates the necessary ../source4/version.h when calling
make basics
from source3.

I think, this should already be done by the configure step in case
--enable-merged-build is given, but my understanding of configure & Co. is to
weak to accomplish that...

Bug 6964 - Fails to build on QNX because winbind_krb5_locator.so has undefined references to talloc
Bug#: 6964 Product:  Samba 3.6 Version: unspecified Platform: x86
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: mkraai@beckman.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL:  http://build.samba.org/?function=View+Build;host=qnx18;tree=samba_3_master;compiler=gcc
Summary: Fails to build on QNX because winbind_krb5_locator.so has undefined references to talloc
Keywords:  
Opened: 2009-12-04 00:57 CST
Description:   Opened: 2009-12-04 00:57 CST
When the QNX build farm machine tries to build the master version of samba, it
fails to link bin/winbind_krb5_locator.so because there are undefined
references to talloc functions:

Linking bin/winbind_krb5_locator.so
bin/libwbclient.a(wbclient.o): In function `wbcLibraryDetails':
wbclient.c:(.text+0xbc): undefined reference to `talloc_named_const'
wbclient.c:(.text+0xe0): undefined reference to `talloc_strdup'
wbclient.c:(.text+0x110): undefined reference to `_talloc_free'
bin/libwbclient.a(wbclient.o): In function `wbcFreeMemory':
wbclient.c:(.text+0x144): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_util.o): In function `wbcAddNamedBlob':
wbc_util.c:(.text+0x2d): undefined reference to `_talloc_realloc_array'
wbc_util.c:(.text+0x42): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x5f): undefined reference to `_talloc_memdup'
bin/libwbclient.a(wbc_util.o): In function `wbcResolveWinsByIP':
wbc_util.c:(.text+0x130): undefined reference to `talloc_strdup'
bin/libwbclient.a(wbc_util.o): In function `wbcResolveWinsByName':
wbc_util.c:(.text+0x1c8): undefined reference to `talloc_strdup'
bin/libwbclient.a(wbc_util.o): In function `wbcLookupDomainControllerEx':
wbc_util.c:(.text+0x359): undefined reference to `talloc_named_const'
wbc_util.c:(.text+0x37f): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x3a2): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x3ef): undefined reference to `talloc_named_const'
wbc_util.c:(.text+0x434): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x461): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x4ab): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x4e8): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x523): undefined reference to `_talloc_free'
wbc_util.c:(.text+0x53d): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_util.o): In function `wbcLookupDomainController':
wbc_util.c:(.text+0x5dd): undefined reference to `talloc_named_const'
wbc_util.c:(.text+0x617): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x648): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_util.o): In function `wbcDomainInfo':
wbc_util.c:(.text+0x6f8): undefined reference to `talloc_named_const'
wbc_util.c:(.text+0x715): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x72e): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x7a3): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_util.o): In function `wbcInterfaceDetails':
wbc_util.c:(.text+0x7fa): undefined reference to `talloc_named_const'
wbc_util.c:(.text+0x85f): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x8a6): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x8eb): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x92e): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0x975): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_util.o): In function `wbcListTrusts':
wbc_util.c:(.text+0xa24): undefined reference to `_talloc_array'
wbc_util.c:(.text+0xb46): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0xb86): undefined reference to `talloc_strdup'
wbc_util.c:(.text+0xe66): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcListGroups':
wbc_sid.c:(.text+0x18d): undefined reference to `_talloc_realloc_array'
wbc_sid.c:(.text+0x1b1): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0x23f): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcListUsers':
wbc_sid.c:(.text+0x367): undefined reference to `_talloc_realloc_array'
wbc_sid.c:(.text+0x38b): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0x419): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcSidToString':
wbc_sid.c:(.text+0x696): undefined reference to `talloc_asprintf'
wbc_sid.c:(.text+0x6c9): undefined reference to `talloc_asprintf_append'
wbc_sid.c:(.text+0x70a): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcGetSidAliases':
wbc_sid.c:(.text+0x7ed): undefined reference to `_talloc_array'
wbc_sid.c:(.text+0x8c4): undefined reference to `_talloc_realloc_array'
wbc_sid.c:(.text+0x995): undefined reference to `_talloc_array'
wbc_sid.c:(.text+0xad6): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0xb03): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcLookupUserSids':
wbc_sid.c:(.text+0xc30): undefined reference to `_talloc_array'
wbc_sid.c:(.text+0xd1b): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcLookupRids':
wbc_sid.c:(.text+0xdf1): undefined reference to `_talloc_zero_array'
wbc_sid.c:(.text+0xeee): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0xf0a): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0xf4a): undefined reference to `_talloc_array'
wbc_sid.c:(.text+0xf87): undefined reference to `_talloc_array'
wbc_sid.c:(.text+0x103c): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0x1113): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0x1134): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0x1155): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcLookupSid':
wbc_sid.c:(.text+0x1225): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0x124c): undefined reference to `talloc_strdup'
wbc_sid.c:(.text+0x1292): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0x12b2): undefined reference to `_talloc_free'
wbc_sid.c:(.text+0x12e5): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_sid.o): In function `wbcGetDisplayName':
wbc_sid.c:(.text+0x1383): undefined reference to `talloc_strdup'
bin/libwbclient.a(wbc_guid.o): In function `wbcGuidToString':
wbc_guid.c:(.text+0x173): undefined reference to `talloc_asprintf'
bin/libwbclient.a(wbc_pwd.o): In function `wbcGetGroups':
wbc_pwd.c:(.text+0x22c): undefined reference to `_talloc_array'
wbc_pwd.c:(.text+0x29d): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_pwd.o): In function `copy_passwd_entry':
wbc_pwd.c:(.text+0x2d1): undefined reference to `talloc_named_const'
wbc_pwd.c:(.text+0x2e8): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x301): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x31b): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x335): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x34f): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x37d): undefined reference to `_talloc_free'
bin/libwbclient.a(wbc_pwd.o): In function `copy_group_entry':
wbc_pwd.c:(.text+0x5c7): undefined reference to `talloc_named_const'
wbc_pwd.c:(.text+0x5e1): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x603): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x63f): undefined reference to `_talloc_array'
wbc_pwd.c:(.text+0x69d): undefined reference to `talloc_strdup'
wbc_pwd.c:(.text+0x703): undefined reference to `_talloc_free'
collect2: ld returned 1 exit status

------- Comment #1 From Matt Kraai 2009-12-04 00:58:01 CST -------
Created an attachment (id=5052) [details]
Link winbind_krb5_locator against libtalloc

------- Comment #2 From Matt Kraai 2009-12-04 00:58:28 CST -------
(In reply to comment #1)
> Created an attachment (id=5052) [details] [details]
> Link winbind_krb5_locator against libtalloc

I haven't tested this patch yet, but I'll try to do so tomorrow.

------- Comment #3 From Matt Kraai 2009-12-04 10:26:35 CST -------
Created an attachment (id=5055) [details]
Link winbind_krb5_locator against libtalloc

I've verified that this patch fixes the build.  It differs from the previous
version in that it adds libtalloc after libwbclient, since the references to
libtalloc come from libwbclient.

Bug 7049 - Cross compilation without something like samba_cv_USE_SETRESUID=yes in config.site causes Samba to fail at runtime in hard to understand ways
Bug#: 7049 Product:  Samba 3.4 Version: 3.4.4 Platform: Other
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: realrichardsharpe@gmail.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Cross compilation without something like samba_cv_USE_SETRESUID=yes in config.site causes Samba to fail at runtime in hard to understand ways
Keywords:  
Opened: 2010-01-19 12:17 CST
Description:   Opened: 2010-01-19 12:17 CST
If you are cross compiling Samba with something like:

CONFIG_SITE=config.site ./configure --host=arm-none-linux-gnueabi
--without-krb5 --without-ldap --without-ads --with-privatedir=/var/locks
--with-lockdir=/var/locks --with-piddir=/var/locks --with-modulesdir=/lib/vfs
--with-aio-support --disable-fam

and you do not have something like samba_cv_USE_SETRESUID=yes in config.site,
you end up with problems in source3/lib/util_sec.c:set_effective_[gu]id et all,
because they all have things like this:

void set_effective_gid(gid_t gid)
{
#if USE_SETRESUID
        setresgid(-1,gid,-1);
#endif

#if USE_SETREUID
        setregid(-1,gid);
#endif

#if USE_SETEUID
        setegid(gid);
#endif

#if USE_SETUIDX
        setgidx(ID_EFFECTIVE, gid);
#endif

        assert_gid(-1, gid);
}

If none of those USE_xxx symbols are set, nothing is done and you assert at
runtime.

It would be useful for those doing cross compiles if there was something in
there that caused a compile time error if none of those symbols is set/defined
or perhaps a configure time error if none of them is defined in a cross
compiling situation.

Bug 7132 - Configure - checking for ifconf
Bug#: 7132 Product:  Samba 3.3 Version: 3.3.9 Platform: Sparc
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: ralf.weinert@siemens.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Configure - checking for ifconf
Keywords:  
Opened: 2010-02-13 09:04 CST
Description:   Opened: 2010-02-13 09:04 CST
Running the configure script without any options on a Unix Solaris 8 /Solaris
10 workstation will check for ifconf and it tells then which interfaces were
found. As soon as I run it with the options --with-aio-support --with-ads
--with-ldap --with-krb5=.... --disable-swat there is no check for ifconf done.
The latest samba version 3.3.10 is affected too.

Bug 7328 - Build uses kerberos libraries even if configure is called --without-krb5
Bug#: 7328 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: kai@samba.org QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Build uses kerberos libraries even if configure is called --without-krb5
Keywords:  
Opened: 2010-04-05 04:50 CST
Description:   Opened: 2010-04-05 04:50 CST
If a system comes with the kerberos and ldap libraries installed, the configure
option --without-krb5 fails to turn off kerberos support in the build. If you
really want a samba build without kerberos, you need to specify --without-ads
as well. This bug hides the naive reproduction of bug #7327.

Bug 7467 - configure cannot find ldap & lber header files and libraries
Bug#: 7467 Product:  Samba 3.2 Version: 3.2.4 Platform: PPC
OS/Version: AIX Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: chris.good@infor.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: configure cannot find ldap & lber header files and libraries
Keywords:  
Opened: 2010-05-27 18:42 CST
Description:   Opened: 2010-05-27 18:42 CST
OS: AIX 5.3
gcc 4.0.0

I wanted to use the OpenLDAP & MIT krb5 include files in /opt/pware/include &
corresponding libraries in /opt/pware/lib which were part of the install of
Samba 3.0.25a from http://us2.samba.org/samba/ftp/Binary_Packages/AIX/ (now
http://pware.hvcc.edu/) but there is no configure option that I could find to
do this.

I tried setting configure arg --includedir but that didn't work.

I eventually got configure to recognize ldap was available by:
1) creating symlinks to ldap &
lber files in /opt/pware/include in /usr/include
2) setting LDFLAGS=-L/opt/pware/lib before running configure so it could find
libldap*

------- Comment #1 From Chris Good 2010-05-27 19:06:03 CST -------
Also, to fix error:

Compiling libsmb/clikrb5.c
libsmb/clikrb5.c: In function 'handle_krberror_packet':
libsmb/clikrb5.c:1518: error: 'ERROR_TABLE_BASE_krb5' undeclared (first use in
t
his function)
libsmb/clikrb5.c:1518: error: (Each undeclared identifier is reported only once
libsmb/clikrb5.c:1518: error: for each function it appears in.)
The following command failed:
gcc -I. -I/usr/local/samba-3.2.4/source  -O -D_SAMBA_BUILD_=3 
-I/usr/local/samb
a-3.2.4/source/iniparser/src -Iinclude -I./include  -I. -I. -I./lib/replace
-I./
lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H 
-Iinclud
e -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include
-I./lib
addns -I./librpc -I./popt -DLDAP_DEPRECATED   -I/include
-I/usr/local/samba-3.2.
4/source/lib -D_SAMBA_BUILD_=3 -O2 -c libsmb/clikrb5.c -o libsmb/clikrb5.o

I had to add -I/opt/pware/include to CPPFLAGS in Makefile.

Bug 7469 - error: parse error before 'mbstate_t'
Bug#: 7469 Product:  Samba 3.2 Version: 3.2.4 Platform: Other
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: chris.good@infor.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: error: parse error before 'mbstate_t'
Keywords:  
Opened: 2010-05-27 19:12 CST
Description:   Opened: 2010-05-27 19:12 CST
OS: AIX 5.3
gcc 4.0.0

To fix error:

Compiling passdb/pdb_nds.c
In file included from passdb/pdb_nds.c:25:
/opt/freeware/lib/gcc/powerpc-ibm-aix5.1.0.0/4.0.0/include/wchar.h:299: error:
p
arse error before 'mbstate_t'
/opt/freeware/lib/gcc/powerpc-ibm-aix5.1.0.0/4.0.0/include/wchar.h:302: error:
p
arse error before 'mbstate_t'
The following command failed:
gcc -I. -I/usr/local/samba-3.2.4/source  -O -D_SAMBA_BUILD_=3 
-I/usr/local/samb
a-3.2.4/source/iniparser/src -Iinclude -I./include  -I. -I. -I./lib/replace
-I./
lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H 
-Iinclud
e -I./include -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include
-I./libaddn
s -I./librpc -I./popt -I/opt/pware/include -DLDAP_DEPRECATED   -I/include
-I/usr
/local/samba-3.2.4/source/lib -D_SAMBA_BUILD_=3 -O2 -c passdb/pdb_nds.c -o
passd
b/pdb_nds.o

Add to includes/includes.h :
        #ifndef MBSTATE_T
        #define MBSTATE_T
        typedef char * mbstate_t;      /* conversion state holder ISO C MSE */
        #endif

Bug 7471 - cli_krb5_get_ticket() used unconditionally in .../source3/libsmb/clispnego.c
Bug#: 7471 Product:  Samba 3.5 Version: 3.5.3 Platform: Other
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: schmitz@hp.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: cli_krb5_get_ticket() used unconditionally in .../source3/libsmb/clispnego.c
Keywords:  
Opened: 2010-05-28 02:27 CST
Description:   Opened: 2010-05-28 02:27 CST
cli_krb5_get_ticket() used unconditionally in .../source3/libsmb/clispnego.c.
Possible patch (but I'm not really sure whether this is a good one):

diff -u ./source3/libsmb/clispnego.c.orig ./source3/libsmb/clispnego.c
--- ./source3/libsmb/clispnego.c.orig   2010-05-17 06:51:23.000000000 -0500
+++ ./source3/libsmb/clispnego.c        2010-05-27 05:12:43.000000000 -0500
@@ -387,6 +387,7 @@
        DATA_BLOB tkt, tkt_wrapped;
        const char *krb_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5,
OID_NTLMSSP, NULL};

+#ifdef HAVE_KRB5 /* ??? TODO! */
        /* get a kerberos ticket for the service and extract the session key */
        retval = cli_krb5_get_ticket(principal, time_offset,
                                        &tkt, session_key_krb5, extra_ap_opts,
NULL, 
@@ -394,6 +395,7 @@

        if (retval)
                return retval;
+#endif

        /* wrap that up in a nice GSS-API wrapping */
        tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);


bye, Jojo

------- Comment #1 From Joachim Schmitz 2010-09-27 07:53:59 CST -------
Created an attachment (id=5987) [details]
patch

Actually the real problem was a missing prototype. In connection wioth c99
style (neede foe desiganated initializer) this led to a compiler error.
Attached patch has 2 alternatives of fixing this, i.e. only one of the 2
changes is needed.

Bug 7472 - dn_expand() and res_query() used unconditionally in .../source3/libads/dns.c
Bug#: 7472 Product:  Samba 3.5 Version: 3.5.3 Platform: Other
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: schmitz@hp.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: dn_expand() and res_query() used unconditionally in .../source3/libads/dns.c
Keywords:  
Opened: 2010-05-28 02:33 CST
Description:   Opened: 2010-05-28 02:33 CST
dn_expand() and res_query() used unconditionally in .../source3/libads/dns.c.

Not sure at all how to properly fix it, but the least should be to brackt them
which #ifdef HAVE_xxx:

diff -u ./source3/libads/dns.c.orig ./source3/libads/dns.c
--- ./source3/libads/dns.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/libads/dns.c      2010-05-27 07:30:42.000000000 -0500
@@ -87,7 +87,9 @@

        /* See RFC 1035 for details. If this fails, then return. */

+#ifdef HAVE_DN_EXPAND /* TODO!!! */
        namelen = dn_expand( start, end, p, hostname, sizeof(hostname) );
+#endif
        if ( namelen < 0 ) {
                return False;
        }
@@ -124,7 +126,9 @@
        ZERO_STRUCTP( rr );
        /* pull the name from the answer */

+#ifdef HAVE_DN_EXPAND /* TODO!!! */
        namelen = dn_expand( start, end, p, hostname, sizeof(hostname) );
+#endif
        if ( namelen < 0 ) {
                return -1;
        }
@@ -198,7 +202,9 @@

        p += 6;

+#ifdef HAVE_DN_EXPAND /* TODO!!! */
        namelen = dn_expand( start, end, p, dcname, sizeof(dcname) );
+#endif
        if ( namelen < 0 ) {
                DEBUG(1,("ads_dns_parse_rr_srv: Failed to uncompress
name!\n"));
                return False;
@@ -247,7 +253,9 @@

        /* ame server hostname */

+#ifdef HAVE_DN_EXPAND /* TODO!!! */
        namelen = dn_expand( start, end, p, nsname, sizeof(nsname) );
+#endif
        if ( namelen < 0 ) {
                DEBUG(1,("ads_dns_parse_rr_ns: Failed to uncompress name!\n"));
                return False;
@@ -336,6 +344,7 @@
                        }
                }

#ifdef HAVE_RES_QUERY /* TODO!!! */
                if ((resp_len = res_query(name, C_IN, q_type, buffer, buf_len))
                                < 0 ) {
                        DEBUG(3,("ads_dns_lookup_srv: "
@@ -353,6 +362,7 @@
                        last_dns_check = time(NULL);
                        return last_dns_status;
                }
+#endif

                /* On AIX, Solaris, and possibly some older glibc systems (e.g.
SLES8)
                   truncated replies never give back a resp_len > buflen


configure does check for dn_expand() (and sets HAVE_DN_EXPAND accordingly), but
not for res_query(). I guess a system that does have dn_expand() would always
also have res_query(), so that last chunk might better check for HAVE_DN_EXPAND
rather than HAVE_RES_QUERY?

Bye, Jojo

------- Comment #1 From Joachim Schmitz 2010-05-30 15:01:24 CST -------
I ceated a more sensible patch, one that doesn't leave namelen uninitialized
and does return sensible values (False resp. -1) to the caller. Will upload
tomorrow.

------- Comment #2 From Joachim Schmitz 2010-05-30 15:17:50 CST -------
Created an attachment (id=5750) [details]
Patch

------- Comment #3 From Joachim Schmitz 2010-07-06 04:17:06 CST -------
res_query() and dn_expand() are apparently part of glibc, but also part of
bind.
So systems where glibc is not available might use bind's lib (-lbind) instead?
In any case Configure would need to check in addition to looking for it in
-lresolv and set this up, wouldn't it?

------- Comment #4 From Björn Jacke 2010-07-06 04:56:44 CST -------
hm, I don't find them in my bind 9.7 header files. But in any case, yes, if we
want to use those functions from another library we need to configure check for
it. maybe putting the check and the "magic" to use libbind or whatever library
into libreplace would be a good idea, too.

------- Comment #5 From Joachim Schmitz 2010-07-06 04:58:43 CST -------
I found them being defined in ...bind-9.2.2/lib/bind/resolv/res_{data,comp}.c

Bug 7473 - wrong logic in .../source3/lib/system.c when checking for HAVE_SETGROUPS
Bug#: 7473 Product:  Samba 3.5 Version: 3.5.3 Platform: Other
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: schmitz@hp.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: wrong logic in .../source3/lib/system.c when checking for HAVE_SETGROUPS
Keywords:  
Opened: 2010-05-28 02:39 CST
Description:   Opened: 2010-05-28 02:39 CST
wrong logic in .../source3/lib/system.c when checking for HAVE_SETGROUPS.
Patch:

diff -u ./source3/lib/system.c.orig ./source3/lib/system.c
--- ./source3/lib/system.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/system.c      2010-05-27 07:13:48.000000000 -0500
@@ -1201,17 +1205,15 @@

 int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset)
 {
-#if !defined(HAVE_SETGROUPS)
-       errno = ENOSYS;
-       return -1;
-#endif /* HAVE_SETGROUPS */
-
 #if defined(USE_BSD_SETGROUPS)
        return sys_bsd_setgroups(primary_gid, setlen, gidset);
 #elif defined(HAVE_BROKEN_GETGROUPS)
        return sys_broken_setgroups(setlen, gidset);
-#else
+#elif defined(HAVE_SETGROUPS)
        return setgroups(setlen, gidset);
+#else
+       errno = ENOSYS;
+       return -1;
 #endif
 }


There's a releated but very old and closed report, #545.

Bye, Jojo

------- Comment #1 From Joachim Schmitz 2010-06-01 04:17:09 CST -------
Created an attachment (id=5755) [details]
Patch

------- Comment #2 From Joachim Schmitz 2010-06-08 07:10:47 CST -------
Created an attachment (id=5770) [details]
patch for system.c

removing an unrelated hunk from my patch

Bug 7477 - configure incorrectly 'detects' stdbool.h
Bug#: 7477 Product:  Samba 3.5 Version: 3.5.3 Platform: Other
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: schmitz@hp.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: configure incorrectly 'detects' stdbool.h
Keywords:  
Opened: 2010-05-28 02:59 CST
Description:   Opened: 2010-05-28 02:59 CST
confirure incorrectly 'detects' stdbool.h and sets HAVE_STDBOOL in
.../source3/include/config.h.
I had to get rid of it manualy:

diff -u ./source3/include/config.h.orig ./source3/include/config.h
--- ./source3/include/config.h.orig     2010-05-26 09:28:24.000000000 -0500
+++ ./source3/include/config.h  2010-05-26 09:38:35.000000000 -0500
@@ -2116,7 +2116,9 @@
 #define HAVE_STDARG_H 1

 /* Define to 1 if you have the <stdbool.h> header file. */
+#ifndef __TANDEM /* wrongly recognized? */
 #define HAVE_STDBOOL_H 1
+#endif

 /* Define to 1 if you have the <stdint.h> header file. */
 #define HAVE_STDINT_H 1


But I'm well aware thai this is not the proper fix...

Nye, Jojo

------- Comment #1 From Joachim Schmitz 2010-05-30 12:21:39 CST -------
Forget about it, I must have made some mistake, as an attempt to reproduce this
failed miserably, 'configure' does detect the absence of stdbool.h and reflects
that in config.h.
Guess I missee a 'make clean' between two 'configure' runs and the 2nd one
deteted stdbool.h in ...lib/replace.

See also bug 7461, which I believe can also get closed (I'm verifying this at
the moment).

Bye, Jojo

------- Comment #2 From Björn Jacke 2010-06-16 16:47:48 CST -------
do we actually require to run a make clean before each configure?

Shouldn't libreplace's configure see that the found stdbool.h is its own one
and not throw its that one away after it found it? :-)

------- Comment #3 From Joachim Schmitz 2010-06-17 00:41:11 CST -------
Well, I was only guessing what might have gone wrong. I couldn't reproduce it
later. That's why I closed the bug.
But if you have ideas what went wrong and how to fix, I'd not be agaist it...

------- Comment #4 From Björn Jacke 2010-06-17 03:51:27 CST -------
this is a problem we see on other machines, too. I also stumbed over it on IRIX
and another machine recently. Metze or Jelmer - do you have an idea how to
easily limit the search for header files to the system include directories only
and prevent that libreplace finds its own generated header files?

------- Comment #5 From Jelmer Vernooij 2010-06-28 06:42:33 CST -------
I guess the issue is that we shouldn't have lib/replace in the include paths
during configure - we weren't doing so in the past at least. Is there any
reason why we need to do so now?

Bug 7502 - Problem after joining ....in the control panel
Bug#: 7502 Product:  Samba 3.4 Version: 3.4.3 Platform: x86
OS/Version: Windows 7 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: daniele.grillo@gmail.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Problem after joining ....in the control panel
Keywords:  
Opened: 2010-06-09 06:24 CST
Description:   Opened: 2010-06-09 06:24 CST
The joining work!

But when you are in User Manager ( Into the control panel of Windows 7) and try
to add a user account ( I see correctly the Directory)...and I select a User
...this is the message show from Windows 7 after that I press OK button:

The trust relationship between this workstation and the primary domain failed.

Bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores
Bug#: 7626 Product:  Samba 3.5 Version: 3.5.4 Platform: Other
OS/Version: Linux Status: NEW Severity: trivial Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: sambabugs.20.negativum@spamgourmet.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores
Keywords:  
Opened: 2010-08-17 23:02 CST
Description:   Opened: 2010-08-17 23:02 CST
'samba_cv__CC_NEGATIVE_ENUM_VALUES'
cv__ with two underscores instead of one

source3/configure:13140:samba_cv__CC_NEGATIVE_ENUM_VALUES=no
source3/configure.in:338:      
samba_cv_CC_NEGATIVE_ENUM_VALUES=yes,samba_cv__CC_NEGATIVE_ENUM_VALUES=no)])

Bug 7758 - smbd with avahi support needs to link with -lpthread
Bug#: 7758 Product:  Samba 3.5 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: s.neumann@raumfeld.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: smbd with avahi support needs to link with -lpthread
Keywords:  
Opened: 2010-10-27 08:38 CST
Description:   Opened: 2010-10-27 08:38 CST
smbd compiled with support for avahi crashes on startup when used with uClibc.
Without avahi support, it works nicely.  I've tracked this down to missing
linker flags and I am attaching a patch that fixes the problem.

------- Comment #1 From Sven Neumann 2010-10-27 08:39:33 CST -------
Created an attachment (id=6036) [details]
patch to fix linker flags for smbd

------- Comment #2 From Volker Lendecke 2010-10-27 09:46:35 CST -------
Isn't the patch a bit simplistic? It works fine on glibc systems, maybe because
pthreads is linked implicitly. Isn't it possible to get this with some autoconf
test?

Volker

------- Comment #3 From Björn Jacke 2010-10-27 09:54:45 CST -------
LIBS contains PTHREAD_LDFLAGS if smbd needs them. That is only the case if we
use the enable_pthreadpool configure option which is mostly deprecated.

(from configure.in:)
if test x"$enable_pthreadpool" = x"yes" -a x"$samba_cv_HAVE_PTHREAD" = x"yes";
then
    LIBS="$LIBS $PTHREAD_LDFLAGS"
...

On your system, your avahi library needs to be fixed and be linked against
libpthread - that is my guess.

------- Comment #4 From Sven Neumann 2010-10-27 10:10:52 CST -------
I don't mind if you just close this report. I only just spent several hours
tracking down this problem and though it might help someone if the solution
ended up in a related bug-tracker.

------- Comment #5 From Volker Lendecke 2010-10-27 10:13:30 CST -------
Well, we'd like to build Samba on as many platforms as possible. But your patch
does not really help in the general case.

What libs does your libavahi.so depend on? If it needs pthreads, but does not
provide that dependency according to ldd, then we'd need a special case like
the RHEL5 readline one.

Did you compile libavahi yourself, or is this an off-the-shelf platform you're
running on?

Volker

------- Comment #6 From Sven Neumann 2010-10-27 10:25:44 CST -------
This is buildroot using uClibc (see http://buildroot.uclibc.org/). The
buildroot folks are shipping a similar patch for samba 3.3.x. Now after
updating to samba 3.5.6 and seeing that a similar patch is still needed, I
thought it would be best to submit this upstream.

libavahi-client.so has a dependency on libpthread.so.0 according to ldd.

------- Comment #7 From Volker Lendecke 2010-10-27 10:50:54 CST -------
Ok, I don't get that. I thought that if a library explicitly depends on another
library, the main program does not have to do the same. This is really weird.

Can you give me an URL to read why this is necessary? I would like to
understand the reason behind it.

Thanks,

Volker

------- Comment #8 From Sven Neumann 2010-10-27 14:23:10 CST -------
(In reply to comment #7)
> Ok, I don't get that. I thought that if a library explicitly depends on another
> library, the main program does not have to do the same. This is really weird.
> 

As far as I understand this is only true for glibc on Linux. On other
platforms, such as Win32, or uCLibc on Linux, all libraries have to be
specified explicitly on the linker command-line, even if they are pulled in
implicitly by other libraries. Unfortunately I can't point you to a good
reference on this subject.

------- Comment #9 From Volker Lendecke 2010-10-27 15:18:20 CST -------
Wow, ok. If that's true, it will be *VERY* hairy to get the linker line right
for all platforms. krb5 might depend on com_err without us knowing for example.
cups depends on openssl which itself might depend on some asn1 stuff. Just
making up wild examples, but this can become arbitrarily complex. I wonder if
there is an automated way to test this.

Volker

------- Comment #10 From Sven Neumann 2010-10-28 02:54:03 CST -------
Well, the usual way to solve this is to use pkg-config to ask the libraries for
their required linker flags. pkg-config will also merge the linker flags for
all libraries you specify on its command-line. Not sure though if there is also
a way to test the result.

Anyway, before you break samba for other people, I can also submit my patch to
buildroot instead.

------- Comment #11 From Björn Jacke 2010-10-28 09:39:26 CST -------
also on uCLibc binaries are in ELF format. This is the output of my OpenWRT's
libstd++ when I run readelf -a on it:

Dynamic section at offset 0xec contains 29 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libm.so.0]
 0x00000001 (NEEDED)                     Shared library: [libgcc_s.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.0]
 0x0000000e (SONAME)                     Library soname: [libstdc++.so.6]
 0x0000000c (INIT)                       0x25ae4

this looks pretty much like even on uCLibc based distros this is the way
binaries (including libraries) contain the information where to look for the
symbols they use.

Bug 7771 - NTTIME cannot set/get dates before 1/1/1970
Bug#: 7771 Product:  Samba 4.0 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: mcrha@redhat.com QA Contact: samba4-qa@samba.org
Component: Other Target Milestone: ---
URL: 
Summary: NTTIME cannot set/get dates before 1/1/1970
Keywords:  
Opened: 2010-11-02 12:02 CST
Description:   Opened: 2010-11-02 12:02 CST
As reported in Gnome's bugzilla against evolution-mapi:
https://bugzilla.gnome.org/show_bug.cgi?id=633185

the NTTIME routines cannot get/set dates before 1/1/1970.

------- Comment #1 From Matthias Dieter Wallnöfer 2010-11-03 16:49:46 CST -------
By the definition this should work:

lib/util/time.h
===============
> /* 64 bit time (100 nanosec) 1601 - cifs6.txt, section 3.5, page 30, 4 byte aligned */
> typedef uint64_t NTTIME;

Please explain a bit in which codepath this doesn't work in order to allow a
bugfix.

------- Comment #2 From Björn Jacke 2010-11-03 17:05:09 CST -------
also from lib/util/time.h:

#ifndef TIME_T_MIN
/* we use 0 here, because (time_t)-1 means error */
#define TIME_T_MIN 0
#endif

TIME_T_MIN isn't predefined on most systems, so with this 1970-01-01 is the
lower end of supported time supported by Samba. It would be cool if we could
support the full range of the system's unsigned time_t range. Most problematic
are the special cases of UNIX time "0" and "-1", which have special meaning at
several places inside Samba. I think the rest of the negative time_t range
could be used theoretically with some tweaking.

------- Comment #3 From Milan Crha 2010-11-04 05:04:45 CST -------
Yes, the problem is that you have max and min for time_t, but you should only
treat those special values (I didn't know of 0, but I know of -1).

Basically using nt_time_to_unix, nttime_to_timeval and unix_to_nt_time (and
most likely others too) clamps the time_t value to your boundaries, though the
other values (below 1970) can be safely expressed within time_t as a negative
value. My workaround in evolution-mapi is to rewrite your routines to those
where the value is not clamped.

------- Comment #4 From Matthias Dieter Wallnöfer 2010-11-04 10:40:06 CST -------
Björn, would you take care about this patch? Should I assign it up to you?
And then, should we keep it under Samba 4 or would you like to have it under
Samba 3.6?

------- Comment #5 From Björn Jacke 2010-11-08 04:30:55 CST -------
I'll take the ticket as I have that topic on my personal todo list. I'm not
sure about the time frame for the fixing, so if someone else wants to look into
that, feel free to do so, too.
It's to be fixed mainly in shared code, so it doesn't matter if it's 4.0 or 3.x
in bugzilla.

Bug 7814 - Compile Error with Kernelheders 2.6.36
Bug#: 7814 Product:  Samba 3.5 Version: 3.5.6 Platform: x86
OS/Version: Linux Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: m.koenigshaus@wut.de QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Compile Error with Kernelheders 2.6.36
Keywords:  
Opened: 2010-11-23 11:34 CST
Description:   Opened: 2010-11-23 11:34 CST
Trying to compile Samba-3.5.6 with Kernelheaders 2.6.36 fails at
sysquotas_xfs.c because the XFS_QUOTA_XXX defines were renamed to FS_QUOTA_XXX.
Renaming the the macros in sysquotas_xfs.c to FS_QUOTA_XXX solves this problem.

Bug 7824 - .... as-needed again
Bug#: 7824 Product:  Samba 3.5 Version: 3.5.6 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: bj@sernet.de Reported By: samba@oflebbe.de QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: .... as-needed again
Keywords:  
Opened: 2010-11-26 11:49 CST
Description:   Opened: 2010-11-26 11:49 CST
Hi,

I would like to see change b9835a1f9d8b81 cherry-picked into samba-3.5.x, since
it fixes RedHat EL 4 builds for me.

(see #7209 for discussion)

Greetings 
   Olaf

Bug 699 - auth_fn callback missing password encryption status
Bug#: 699 Product:  Samba 3.0 Version: 3.0.0 Platform: Other
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: hadess@hadess.net QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: none
URL:  http://bugzilla.gnome.org/show_bug.cgi?id=119175
Summary: auth_fn callback missing password encryption status
Keywords:  
Opened: 2003-10-30 08:35 CST
Description:   Opened: 2003-10-30 08:35 CST
It would be nice to have in the auth_fn callback the way the password is going
to be sent as, ie. either encrypted or plain text.

------- Comment #1 From Jelmer Vernooij 2004-01-06 12:07:49 CST -------
This can also be done by setting the appropriate smb.conf option in
~/.smb.conf.

------- Comment #2 From Gerald (Jerry) Carter 2005-02-08 21:30:14 CST -------
apparently there is a workaround

------- Comment #3 From Bastien Nocera 2010-09-04 12:05:58 CST -------
(In reply to comment #1)
> This can also be done by setting the appropriate smb.conf option in
> ~/.smb.conf.

That doesn't actually tell me whether the password will be sent as encrypted or
not, it will force one type or the other of passwords.

Bug 4557 - smbc_stat or smbc_getxattr can't handle Vista symlinks.
Bug#: 4557 Product:  Samba 3.0 Version: 3.0.25 Platform: x86
OS/Version: Other Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: henke@mac.se QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: none
URL: 
Summary: smbc_stat or smbc_getxattr can't handle Vista symlinks.
Keywords:  
Opened: 2007-04-26 04:52 CST
Description:   Opened: 2007-04-26 04:52 CST
We are not able to tell if a file is a symlink or junction when run against a
Vista client.
This causes quite a bit of problem as smbc_open/smbc_read will throw a lot of
errors going through a directory structure on a Vista client with a lot of
symlinks/junctions.

Below are our tests and findings.

C:\Users\Administrator\Documents>mkdir mydir

C:\Users\Administrator\Documents>mklink /j myjunction mydir
Junction created for myjunction <<===>> mydir

C:\Users\Administrator\Documents>mklink /d mysymlink mydir
symbolic link created for mysymlink <<===>> mydir

C:\Users\Administrator\Documents>dir
 Volume in drive C has no label.
 Volume Serial Number is 0256-B10C

 Directory of C:\Users\Administrator\Documents

2007-04-26  09:44    <DIR>          .
2007-04-26  09:44    <DIR>          ..
2007-04-26  09:41    <DIR>          mydir
2007-04-26  09:40    <JUNCTION>     myjunction
[C:\Users\Administrator\Documents\mydir]
2007-04-26  09:40    <SYMLINKD>     mysymlink [mydir]
               0 File(s)              0 bytes
               5 Dir(s)  139 957 547 008 bytes free


mydir
    stat: mode 0x41ed
getxattr: mode   0x10


mysymlink
    stat: mode 0x41ed
getxattr: mode (9) EBADF


myjunction
    stat: mode 0x41ed
getxattr: mode  0x410


//Henrik

------- Comment #1 From Henrik 2007-12-07 09:29:52 CST -------
Created an attachment (id=3027) [details]
Vista-Vista dir command showing junction

I did a connect from a vista machine to another vista machine and executed a
dir command on the remote share.

------- Comment #2 From Henrik 2007-12-07 09:30:43 CST -------
Created an attachment (id=3028) [details]
Followed a junction in Explorer  when mounting a Vista share from Vista

------- Comment #3 From Henrik 2007-12-07 09:31:26 CST -------
Created an attachment (id=3029) [details]
Listing folder through explorer on a vista machine when connected to another
vista machine

------- Comment #4 From Volker Lendecke 2007-12-07 15:35:28 CST -------
Can you repeat the same traces with Vista against W2k3, XP or some Windows
version that is *not* Vista? What you sent is smb2 traffic which Samba does not
yet support.

Thanks,

Volker

------- Comment #5 From Henrik 2007-12-10 04:27:47 CST -------
Created an attachment (id=3035) [details]
WIn XP to Vista dir command showing a junction.

XP machine mounted a Vista share and did a dir /a. I can see that it identifies
the junction as a Reparse Point but with the difference that there is no
information to where the junctions points. Maybe we need SMB2 for that?

------- Comment #6 From Derrell Lipman 2007-12-12 20:52:18 CST -------
Henrik, 

I've been researching this topic.  Reparse points predate Vista, so SMB2 should
not be required.  However, to read a reparse point (which it seems is a
junction), the required library function is DeviceIoControl() using
FSCTL_GET_REPARSE_POINT.  The documentation subtree worth reviewing appears to
be:

  http://msdn2.microsoft.com/en-us/library/aa365503.aspx

I'm not sure that DeviceIoControl can be used over the network, although I'd be
a bit surprised if it could not be.  If you can provide me with a packet trace
that shows returning what the reparse point points to (using XP or W2K, not
Vista), I may be able to add that functionality.  You may be able to obtain
that using Windows commands or by writing an application which uses
DeviceIoControl().

Derrell

------- Comment #7 From Henrik 2007-12-18 04:49:05 CST -------
Hi Derrell,

I've been trying to get a pre-vista machine to issue a FCTL_GET_REPARSE_POINT
call but I can't I suppose its not due to the limitation of the SMB protocol
but rather there is no utility out there that uses FCTL_GET_REPARSE_POINT.
Maybe you can use the information on the technet article you showed me together
with the trace from Vista-Vista where the FCTL_GET_REPARSE_POINT is used?

I'll keep trying!

Cheers,
Henrik

------- Comment #8 From Derrell Lipman 2007-12-18 08:16:05 CST -------
The previous traces were all SMB2 traffic.  I don't think we're quite ready to
add SMB2 to Samba3.  (Samba4 supports it in some fashion, although to what
extent I'm not sure.)

> I'll keep trying!

Cool. :-)

There's got to be some application that uses it, but if not, if you can figure
out the semantics of the ioctl or library call, you should be able to write a
small app that issues the request and receives the response...  Yes?

Derrell

------- Comment #9 From Henrik 2007-12-19 03:18:12 CST -------
Created an attachment (id=3054) [details]
Dump of traffic showing use of FCTL_GET_REPARSE_POINT over SMB v1

Derrell,

Today is you lucky day! ( and mine =) )

I succeeded to issue a FCTL_GET_REPARSE_POINT over the SMB protocol! :)

Now work your magic! :D

Cheers,
Henrik

------- Comment #10 From Derrell Lipman 2007-12-19 13:02:33 CST -------
Cool!

Ok, after spending the morning doing more researching...  Here are a couple of
pretty good developer-oriented background articles:

  http://www.codeproject.com/KB/vista/ReparsePointID.aspx
  http://www.flexhex.com/docs/articles/hard-links.phtml

It seems possible to add handling of reparse points in the internal Samba
library.  It's less obvious how to map it to the POSIX-like interface of
libsmbclient.  In particular, how would one distinguish between a Junction
(which can only be on a directory) and a Symbolic Link if the latter is on a
directory?  

If I were to just return the Junction or SymLink data on a newly-created
smbc_lstat() call (ignoring the previous issue), I'd also want to create an
smbc_symlink() to create them...

I could possibly use the /??/ "unparse" header to distinguish between a
Junction and a SymLink by always returning that from smbc_lstat()... and then
similarly create a Juncion if the provided path begins with /??/ and a SymLink
otherwise.

And furthermore, if smbc_lstat() returns what a reparse point points to, then
what must smbc_stat() now do?  Follow the reparse point?  (I'm getting a
headache.)  I don't think I can follow it without breaking backward
compatibility unless I add an option specifying which procedure to use...  

(What about a MountPoint reparse point?  I suppose that would be done with a
smbc_mount() function which I don't plan to implement now.)

Still thinking, and open to suggestions.

Derrell

------- Comment #11 From Henrik 2007-12-20 04:16:30 CST -------
Good links! I found some other nice links regarding reparse points on
codeproject also.

To distinguish between junction and symlink I suppose the header is the only
way but I haven't looked that thoroughly on the SMB traffic regarding that yet.

I believe all these issues need to be looked at different angles to really get
a complete view on how to handle it but the most important features to start
with is.

a) Return a SMBC_LINK type OR a new type (SMBC_REPARSE_POINT?) when we come
upon a reparse point.

b) Implement a smbc_lstat function that can retrieve the target of the reparse
point and also type of reparse point (symlink/junction) if we don't do it
directly.

If we just know these things the programmer can determine what he/she wants to
do with it. I don't think we need to worry about following these reparse points
for starters. If a programmer wants to issue a smbc_stat on the target then he
should call a smbc_lstat first to determine the target.

Of course it would be great if we could handle them the same way we handle the
POSIX links but I guess we need more research to determine that. As always
windows has done a poor job implementing links functionality in their
filesystem.

Creating junctions/symlinks would be a really nice features also. I really
don't have any creative input on how yet but I think it would be quite straight
forward.

Thats my input for now. I'll keep thinking about it and give you any input I
come up with. You can message me directly on my e-mail if you want some more
feedback outside the bugreport.

Cheers,
Henrik

Bug 5288 - Request for native interface available through libsmbclient
Bug#: 5288 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: derrell.lipman@unwireduniverse.com QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: Request for native interface available through libsmbclient
Keywords:  
Opened: 2008-02-28 21:15 CST
Description:   Opened: 2008-02-28 21:15 CST
Email with Alexander Larsson at Redhat:

> >  For instance, in gvfs when i want to "mount" a share I have to construct
> >  a smb://server/share/ uri and then stat that. If the stat succeeded I
> >  assume there is an outstanding connection to the share availible. If we
> >  get an EACCESS or other error we assume the mount failed.
>
> If you could have exactly the functionality and interface you desired
> in libsmbclient to solve this particular issue, what would it be?

I'm not really an expert in the lowlevel details of smb, so I can't say
exactly what the best API would be, but I can try to describe from a
highlevel point of view.

First of all, I'm not interested at all in the uri stuff. Especially the
weirdness of the smb: protocol wrt networ, workgroup and server
enumeration. Instead I'd like first class objects and method that map to
whats actually happening. I.e. a separate API to query for workgroups,
servers and shares that is not readdir() based.

Then I'd like the API to be explicitly stateful, meaning that in order
to access a server/share I have to create some kind of session object
and connect that to the server. Then I want to be able to send requests
to this session (based on share relative paths, not uri stuff). I also
want certain details to be exposed on the session object, like what
filename encoding the remote side has and whatever other details were
negotiated. And also information about the remote side version and
implementation if availible (so I could e.g. whitelist or blacklist
specific implementations).

Another important aspect is multiple outstanding requests, see below.

> >  I would like an API that is specific to smb, and exposes more the
> >  details of SMB. So, you'd have maybe an object for a session with a
> >  share, and an operation to connect to a share that returns said object.
>
> That's similar to the nt_create function mentioned previously.

Not sure exactly what this function would do.

> >  I'd also like the possibility to have multiple outstanding operations on
> >  a connection (is that possible with smb? i assume so). This could be
> >  done using threads and blocking calls, or using an asynchronous form of
> >  libsmbclient i/o calls.
>
> There's been other discussion of a plugable event system, which would
> also allow for the _possibility_ of async calls.  That won't be a
> trivial piece of work in any case, but it could be possible in the
> future.

They don't *have* to be async, but I need some way of having multiple
outstanding requests. Let me explain where this comes from. Gvfs is a
virtual filesystem in userspace, it lets you easily browse for and
access things like smb shares and ftp servers as a user (no need for
root access or admin setup).

Each "backend" is implemented as a daemon process that handles a
"mount", such as a connection to an smb share. All the processes in the
users desktop session talk to this daemon in order to do I/O on the
share. Now, with libsmb the daemon can only have one outstanding
operation, because libsmbclient is synchronous and not threadsafe. If
multiple processes do i/o on the share, or if a process does several
parallel async i/o request (which e.g. nautilus will do) then these will
all be serialized. And what is worse, they will be serialized on the
client side, meaning the latency from sending packets to the server is
added to the time waiting for the currently active operation.

The solution to this is either:
Allow multiple threads to call into libsmbclient so that each operation
can block and yet allow multiple outstanding requests.
Allow async calls so we can just emit the requests, and then handle the
request responses as they come back.

I undestand these are probably both very hard to do with the
libsmbclient codebase, but you asked for the ideal libsmbclient.

------- Comment #1 From Karolin Seeger 2010-01-25 08:43:39 CST -------
Too late for enhancements for 3.5. Raising version.

Bug 5813 - thread-safe issues
Bug#: 5813 Product:  Samba 3.5 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: derrell.lipman@unwireduniverse.com QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: thread-safe issues
Keywords:  
Opened: 2008-10-06 11:31 CST
Description:   Opened: 2008-10-06 11:31 CST
Once the samba core corrects thread safety issues, a few remain in
libsmbclient.  From mailing list discussion with David Collier-Brown:

    Ok, then there are only a few issues left in the whole directory:


Great, thanks!



    froggy> cat libsmbclient.report

    atof - convert string to double-precision number
       MT-Level: MT-Safe as  long  as setlocale(3C) is not
       called to change the locale.


How in the world can atof() be non-thread-safe?  Why would locale have anything
to do with it?  It returns a double and I can't think of any reason why it
would need to use any non-thread-safe features...???  Is strtod() deemed to be
more thread safe?

(note: apparently, some POSIX system were determined to have this failure. 
TBD: do we care about such brain damage?)




    ctime - convert date and time to string
       MT-Level: MT-Safe with exceptions
       the ctime(), gmtime(), and localtime()  functions
       are  safe  to  use  in multithread applications because they
       employ  thread-specific  data.   However,   their   use   is
       discouraged  because  standards  do  not  require them to be
       thread-safe. Use  asctime_r(), gmtime_r() and ctime_r(),


Yes, this is a real issue if the implementation does not use thread-specific
data.  The problem is that the _r functions are not standardized either (even
their existence) so using them doesn't really help.  I suppose one could add
ctime_r to libreplace...  

(some real systems were determined to not use thread-specific data in this
function.)

    getpass - read a string of characters without echo
       MT-Level: MT-Unsafe

    Found in:
    "./clidfs.c",
         209:


I think there's a more serious issue here.  getpass() is only called if no
password has been provided and kerberos is not in use.  Those things are
determined, however, via members of a static structure in cli_dfs.c (cm_creds)
which is clearly not appropriate for different threads providing different
credentials.  This is the kind of samba core issue (not libsmbclient-specific
code) I was talking about, that I think Jeremy indicated that he hopes to be
working on.

Bug 7393 - No FindNotify support
Bug#: 7393 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: hadess@hadess.net QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: No FindNotify support
Keywords:  
Opened: 2010-04-26 19:33 CST
Description:   Opened: 2010-04-26 19:33 CST
The FindNotify notification support should be exported to applications so that
user-space VFSes can implement support for it (in my particular case, so it can
be implemented in gvfs).

------- Comment #1 From Jeremy Allison 2010-04-26 19:48:57 CST -------
What does the gvfs FindNotify interface look like ? Can you point me at a
design document or source code so I can see what the calling API would look
like ?

Thanks,

Jeremy.

------- Comment #2 From Bastien Nocera 2010-04-27 03:27:14 CST -------
The equivalent is:
http://library.gnome.org/devel/gio/stable/GFileMonitor.html

The easiest probably is to offer a small interface on top of FindNotify that
exposes most of its functionality, and work out the kinks in the gvfs smb
backend.

Bug 7569 - samba3.2.15 smbclient hangs & chews up CPU
Bug#: 7569 Product:  Samba 3.2 Version: 3.2.15 Platform: Sparc
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: angus.cameron@citi.com QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: samba3.2.15 smbclient hangs & chews up CPU
Keywords:  
Opened: 2010-07-15 17:40 CST
Description:   Opened: 2010-07-15 17:40 CST
Hi Derrell,
We have an issue where smbclient is intermittently hanging. It then proceeds to
chew up huge amounts of cpu and in one case so far, has caused a unix sever to
crash & reboot.

This has happened a handful of times on different UNIX servers trying to
smbclient to different windows servers. The only common theme is  it appears to
happen at roughly the same time and the smbclient is running on Solaris 10 UNIX
servers that reside in the same LDAP/KDC domain & are trying to authenticate to
a different LDAP/active directory windows domain.
I tried to run truss, but given the process hung some time ago, it provided no
output.
If I run the smbclient now, it works fine most of the time, the issue only pops
up every couple of weeks.
This is very difficult to try & troubleshoot as smbclient doesn’t appear to
generate any logs ( that I'm aware of). I noticed on a samba faq that smbclient
has been known to hang when used with the –c flag.  Have you seen this in the
past?
thanks  Angus

------- Comment #1 From Jeremy Allison 2010-07-15 18:36:05 CST -------
Can you test this with the latest 3.5.4 smbclient please ?
Jeremy.

------- Comment #2 From Angus Cameron 2010-07-25 19:01:08 CST -------
Hi Jeremy,

Is there a specific bug that you are aware of that this issue may relate to? Is
it possible that there may be a fix for the version that I'm running?  The
resaon I ask is the company I work work will not allow me to download samba
3.5.4, there is a process where our engineering team need to test and pkg
freeware before allowing us to deploy it into the environment.

Thanks

Angus

------- Comment #3 From Volker Lendecke 2010-07-26 01:55:34 CST -------
If you need specific support for 3.2.15, please refer to

http://www.samba.org/samba/support/

There are companies listed with Samba skills that can help you with releases
that are not supported anymore by the Samba Team. This kind of problem might be
a bit difficult to analyze completely without access to such a box, so you
might better pay someone to get a timely response or who can sign an NDA to log
in to your net.

Volker

------- Comment #4 From Derrell Lipman 2010-08-12 08:43:59 CST -------
smbclient != libsmbclient. Correcting component.

Bug 7649 - Unable to login with kerberos
Bug#: 7649 Product:  Samba 3.5 Version: 3.5.4 Platform: Other
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: felipe.contreras@gmail.com QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: Unable to login with kerberos
Keywords:  
Opened: 2010-08-25 17:34 CST
Description:   Opened: 2010-08-25 17:34 CST
I have a kerberos ticket, I have pam_krb5 configured, and yet, I can't login
through kerberos.

This works:
smbclient -U user -W G -L //foo.com/bar

This doesn't:
smbclient -U user -W G -L //foo.com/bar -k

This is with -d3

---
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface eth0 ip=fe80::216:41ff:fee3:8ae0%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=172.21.41.66 bcast=172.21.41.255 netmask=255.255.254.0
Client started (version 3.5.4-63.fc13).
tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/gencache.tdb:
Permission denied
resolve_lmhosts: Attempting lmhosts lookup for name foo.com<0x20>
resolve_wins: Attempting wins lookup for name foo.com<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name foo.com<0x20>
Connecting to 10.x.x.x at port 445
Doing spnego session setup (blob length=124)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
cli_session_setup_spnego: got a bad server principal, trying to guess ...
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE
---

Bug 7893 - CIFS tickets vs. <host>$ tickets
Bug#: 7893 Product:  Samba 3.5 Version: 3.5.4 Platform: x64
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: nigelbenns@rogers.com QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: CIFS tickets vs. <host>$ tickets
Keywords:  
Opened: 2010-12-29 12:23 CST
Description:   Opened: 2010-12-29 12:23 CST
I found a behaviour difference between Windows and Samba.
I was actually having this problem:
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=622790

I see that it is fixed with this patch:
https://bugzilla.samba.org/show_bug.cgi?id=7890

But I still have a question about the difference I came across.
First some background:

I have been able to browse windows shares from Linux/Gnome/Nautilus no problem,
except that sometimes I was able to see the shares on the host, but was
prompted for a password when I tried to go into the folders.

So I could access \\<host> and it would get a Kerberos ticket of <host>$@REALM,
but when I tried to access \\<host>\<share> the authentication would fail and I
would get prompted via NTLM.  It turned out this was only happening on EMC
Celerra hosts.

I was looking at the differences between how Windows was requesting tickets and
how Linux/Samba was doing it.

In Windows if I access a share on our server, we get a ticket for
cifs/<host>@REALM, but in Samba, we get <host>$@REALM.

In order to tell this, I have been using kerbtray.exe in the Windows support
tools pack.  I am running Windows XP and the servers are 2003/2008.

If I take a look at AD, I get spns of:

servicePrincipalName: cifs/<hostFQDN>
servicePrincipalName: cifs/<host>
servicePrincipalName: host/<hostFQDN>
servicePrincipalName: host/<host>

no userPrincipalName for this account.
The cifs service principal is ONLY on EMC Celerra hosts, nothing else, though I
get tickets of cifs/ for hosts that DO NOT have the cifs/ SPN assigned to them
as well (for a domain controller or a member server hosting shares).

I don't know if the cifs principal is "there by default" so that any host can
implement sharing, or if its some other spooky thing, but it seems 'proper' to
be using a service principal instead of the user principal to access the shares
as they are a service.

Something as crazy as this could only be from Microsoft.

I don't know if you want to do anything about this per se, but it is a
difference between your implementation and Microsoft's, so I though I would
bring it to your attention.

Thanks!

------- Comment #1 From Stefan (metze) Metzmacher 2010-12-29 13:52:47 CST -------
I guess this is already fixed in v3-6-test and master, see
http://gitweb.samba.org/?p=samba.git;a=commit;h=f13404e27b00f826a11684e69cff82ae0023fc91

------- Comment #2 From Stefan (metze) Metzmacher 2010-12-29 13:55:45 CST -------
AD has this
sPNMappings:
host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin,msdtc
on the 
CN=Directory Service,CN=Windows NT,CN=Services,${CONFIGDN}
object.

That's why cifs/* principal doesn't need to be specified explicitly.

Bug 7943 - libsmbclient does not set errno of ECONNREFUSED
Bug#: 7943 Product:  Samba 3.5 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: derrell.lipman@unwireduniverse.com Reported By: hamano@osstech.co.jp QA Contact: samba-qa@samba.org
Component: libsmbclient Target Milestone: ---
URL: 
Summary: libsmbclient does not set errno of ECONNREFUSED
Keywords:  
Opened: 2011-02-01 22:47 CST
Description:   Opened: 2011-02-01 22:47 CST
smbc_open_fn and smbc_stat_fn, other function always set ETIMEDOUT when connect
failure.
Therefore, we could not determine connection refused and actual connection
timed.
I created patch that libsmbclient return ECONNREFUSED when connection refused.
Thanks.

------- Comment #1 From Tsukasa Hamano 2011-02-01 22:49:49 CST -------
Created an attachment (id=6241) [details]
patch for 3.2

------- Comment #2 From Tsukasa Hamano 2011-02-01 22:50:12 CST -------
Created an attachment (id=6242) [details]
patch for 3.5

Bug 1915 - net rpc [printer|share] migrate is not documented in manpage
Bug#: 1915 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-docs-qa@samba.org
Component: Docs Target Milestone: ---
URL: 
Summary: net rpc [printer|share] migrate is not documented in manpage
Keywords:  
Opened: 2004-10-11 15:08 CST
Description:   Opened: 2004-10-11 15:08 CST
net rpc [printer|share] migrate is not documented in manpage.

Maybe the howto-collection is a better place for that?

------- Comment #1 From Gerald (Jerry) Carter 2005-02-01 12:01:24 CST -------
updating qa contact

------- Comment #2 From Gerald (Jerry) Carter 2005-02-07 09:26:00 CST -------
guenther,  a short howto would be the best solution for this I think.  
Similar to how I did the 'net rpc rights' docs (and jht translated into xml).

------- Comment #3 From John H Terpstra 2005-02-07 13:41:06 CST -------
Guenther, 
 
Please send me any docs you can put together, I will gladly clean it up and 
fold it into the appropriate place/s in the documentation. Just give me 
sufficient info and I'll take it from there. 
 
Cheers, 
John T. 

------- Comment #4 From Karolin Seeger 2009-12-02 04:59:25 CST -------
Updating product.

------- Comment #5 From Karolin Seeger 2010-03-30 09:37:42 CST -------
Updating product.

Bug 3546 - winbind failing when mapping groups from AD withou SFU attributes defined
Bug#: 3546 Product:  Samba 3.0 Version: 3.0.21b Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: vanedu@inf.furb.br QA Contact: samba-qa@samba.org
Component: winbind Target Milestone: none
URL: 
Summary: winbind failing when mapping groups from AD withou SFU attributes defined
Keywords:  
Opened: 2006-02-23 08:36 CST
Description:   Opened: 2006-02-23 08:36 CST
When using options idmap backend = idmap_ad and winbind nss info = sfu and a
user is member of a group that doesn't have SFU attributes defined on AD,
getent passwd user fail completelly. Only when all the groups a user is a
member of have SFU attributes defined is that getent passwd user works.
For example: on AD userA is member of groups "Domain Users" and "GroupUnixA".
If both groups has SFU attributes defined, everything works ok. But if, for
example, group "Domain Users" doesn't have SFU attributes defined but
GroupUnixA has, getent passwd userA will fail and will return no information or
errors.
I think that on this scenario, it should return at least the information of
GroupUnixA, ignoring the group Domain Users.

------- Comment #1 From Vandeir Eduardo 2006-03-02 08:16:03 CST -------
(In reply to comment #0)
> When using options idmap backend = idmap_ad and winbind nss info = sfu and a
> user is member of a group that doesn't have SFU attributes defined on AD,
> getent passwd user fail completelly. Only when all the groups a user is a
> member of have SFU attributes defined is that getent passwd user works.
> For example: on AD userA is member of groups "Domain Users" and "GroupUnixA".
> If both groups has SFU attributes defined, everything works ok. But if, for
> example, group "Domain Users" doesn't have SFU attributes defined but
> GroupUnixA has, getent passwd userA will fail and will return no information or
> errors.
> I think that on this scenario, it should return at least the information of
> GroupUnixA, ignoring the group Domain Users.
> 

I saw in bug 3062 that others people are getting this problems too. I think
winbindd should work like nss_ldap, where it only maps AD groups that have SFU
attributes defined and ignore the ones that doens't have.
This behavior would be great because is not allways desirable that all groups a
user is member off on AD should be mapped/used on the unix side.

------- Comment #2 From Gerald (Jerry) Carter 2006-04-20 08:03:38 CST -------
severity should be determined by the developers and not the reporter.

Bug 3751 - Speed up 'getent passwd' on AD domains with LDAP filter
Bug#: 3751 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: All Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: bob.gautier@rabobank.com QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: Speed up 'getent passwd' on AD domains with LDAP filter
Keywords:  
Opened: 2006-05-04 09:38 CST
Description:   Opened: 2006-05-04 09:38 CST
In winbindd_ads.c the function query_user_list() generates a list of *all*
users in AD - not just the ones with valid (SFU) attributes.  If you are
relying on SFU attributes (e.g. using idmap_ad) then any users without SFU
attributes won't be valid and will be excluded by the idmap backend when it
makes a further, failing, LDAP query per-user.  A simple extension to the LDAP
filter used in query_user_list() can ask only for user objects that have (an)
SFU attribute(s).

Of course this filtering isn't appropriate when the idmap backend is expected
to provide uidNumber and gidNumber (e.g. idmap_rid).  So the patch I'm going to
offer applies the filter optionally.  In my example, the filtering happens if
'winbind nss info = sfu' is in effect.  Arguably a new parameter could be
introduced but we have lots of those already.

Where the number of users with SFU attributes is small compared to the total
number of users in AD this produces an enormous performance improvement.

------- Comment #1 From Bob Gautier 2006-05-04 09:43:21 CST -------
Created an attachment (id=1887) [details]
Restrict query_user_list results to users with SFU attribute

This is a gendiff patch that searches for users that have the uidNumber
attribute (or whatever AD calls it) iff 'winbind nss info = sfu' is in effect.

If there is no memory for the extended filter, it falls back to getting all
users, which saves an error path but of course in that case something is likely
to fail later on anyway.

------- Comment #2 From Guenther Deschner 2006-06-13 06:02:08 CST -------
The problem I see with this approach is this:

what if you just rely on the tdb based idmapping and just want to have homedir,
shell, etc. filled in by SFU attributes ? Then all non SFU users will be
excluded in the query already. 

We could have a keyword like "sfu_only" for the "winbind nss info" though...

------- Comment #3 From Bob Gautier 2006-06-13 06:23:59 CST -------
In reply to comment #2:

Yes, point taken, and I had that scenario in mind when I posted the bug
initially.  I probably chose a poor attribute to filter on: at the time I was
more interested in seeing if it would improve performance and reduce LDAP
traffic.

Actually the technique will work for any SFU or RFC2307 attribute - it just
filters users that have a value set for an attribute.  So you could use (er...)
logonShell instead.  The point of the patch is to avoid getting users that have
*none* of the SFU/RFC2307 attributes, based on the assumption that if they have
one of them, they are likely to have all (or all that this site wants to set).

So how about filtering on a different attribute, one from the more traditional
'nss info' set, such as homeDirectory, logonShell, gecos?
(Or indeed all of them: that might be the path of least surprise: if you
configure 'winbind nss info = sfu' then no user appears until they have *all*
the necessary attributes.)

> We could have a keyword like "sfu_only" for the "winbind nss info" though...

If it used a better choice of attribute(s) to filter on, I don't think this
patch would create any surprises for someone configuring 'sfu' or 'rfc2307' so
I'd prefer not to see another keyword.

Thanks for looking at this.

------- Comment #4 From Karolin Seeger 2010-01-25 08:44:13 CST -------
Too late for enhancements for 3.5. Raising version.

Bug 4161 - Crash winbindd in name_deadbeef
Bug#: 4161 Product:  Samba 3.0 Version: 3.0.23c Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: kurensky@mail.ru QA Contact: samba-qa@samba.org
Component: winbind Target Milestone: none
URL:  http://www.samotlor.info
Summary: Crash winbindd in name_deadbeef
Keywords:  
Opened: 2006-10-10 22:34 CST
Description:   Opened: 2006-10-10 22:34 CST
Hi!
Winbindd core dumped with:

  ===============================================================
[2006/10/11 02:01:00, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 6 in pid 3397 (3.0.23c)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/10/11 02:01:00, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/10/11 02:01:00, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2006/10/11 02:01:00, 0] lib/util.c:smb_panic(1592)
  PANIC (pid 3397): internal error
[2006/10/11 02:01:00, 0] lib/util.c:log_stack_trace(1699)
  BACKTRACE: 26 stack frames:
   #0 winbindd(log_stack_trace+0x2d) [0xa1a5dd]
   #1 winbindd(smb_panic+0x75) [0xa1a485]
   #2 winbindd [0xa05766]
   #3 /lib/tls/libc.so.6 [0x1c1eb8]
   #4 /lib/tls/libc.so.6(abort+0x1d5) [0x1c34e5]
   #5 winbindd [0xa414e2]
   #6 winbindd [0xa41765]
   #7 winbindd(cli_krb5_get_ticket+0x242) [0xa41c42]
   #8 winbindd(spnego_gen_negTokenTarg+0x62) [0xa437d2]
   #9 winbindd [0xb04682]
   #10 winbindd [0xb049ae]
   #11 winbindd(ads_sasl_bind+0x150) [0xb052a0]
   #12 winbindd(ads_connect+0x1ea) [0xafe12a]
   #13 winbindd [0xb0b06a]
   #14 winbindd(ads_do_search_retry+0x46) [0xb0b356]
   #15 winbindd(ads_search_retry+0x3f) [0xb0b40f]
   #16 winbindd [0x9b7a64]
   #17 winbindd [0x9a2419]
   #18 winbindd [0x99718e]
   #19 winbindd(winbindd_getgrgid+0x2ba) [0x9981ba]
   #20 winbindd [0x992e77]
   #21 winbindd [0x9930b8]
   #22 winbindd [0x99433a]
   #23 winbindd(main+0x5c5) [0x994945]
   #24 /lib/tls/libc.so.6(__libc_start_main+0xda) [0x1af78a]
   #25 winbindd [0x992732]
[2006/10/11 02:01:01, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/winbindd

System config:
Linux laz 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686 i686 i386
GNU/Linux

Samba Version 3.0.23c

Compile option with RHEL standart packaging:
rpm -qa |grep samba

samba-debuginfo-3.0.23c-4
samba-common-3.0.23c-4
samba-3.0.23c-4
samba-swat-3.0.23c-4
samba-client-3.0.23c-4
samba-doc-3.0.23c-4

Kerberos:
rpm -qa |grep krb

krbafs-utils-1.1.1-11
krb5-libs-1.2.7-47
pam_krb5-1.75-1
krb5-workstation-1.2.7-47
krbafs-1.1.1-11
krb5-server-1.2.7-47
krbafs-devel-1.1.1-11
krb5-devel-1.2.7-47

Smb config - global section:

[global]
        workgroup = SAMOTLOR
        realm = SAMOTLOR.NIPS.RU
        server string = Laz Samba Server
        interfaces = eth0, 127.0.0.1
        bind interfaces only = Yes
        security = ADS
        log file = /var/log/samba/log.smbd
        max log size = 500
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        printcap name = /etc/printcap
        show add printer wizard = No
        os level = 33
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind cache time = 10
        password server = BASE


GDB output:
gdb /usr/sbin/winbindd /var/log/samba/cores/winbindd/core.3397
GNU gdb Red Hat Linux (6.3.0.0-0.30.1rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".

Core was generated by `winbindd'.
Program terminated with signal 6, Aborted.
#0  0x001c1cdf in name_deadbeef ()
(gdb) bt
#0  0x001c1cdf in name_deadbeef ()
#1  0x00207a5d in dyn_CONFIGFILE ()
#2  0x002ce898 in ?? ()
#3  0x00000000 in ?? ()
(gdb)

------- Comment #1 From Guido Leenders 2006-11-23 11:09:53 CST -------
Created an attachment (id=2232) [details]
Core dump

------- Comment #2 From Guido Leenders 2006-11-23 11:14:17 CST -------
Seem to have the same problem.
Running on SLES 9.
Upgraded from default installed 3.0.4 to 3.0.23d. Samba package and setup was
only component changed.

Infrastructure:
Samba on fileserver SLES9, connecting to Active Directory server W2003.

Setup was changed when going to 3.0.23 from security=domain to ads. Following
guidelines and succesfully connected through kerberos.

Winbind crashes sometimes within minutes after a restart, sometimes it takes
hours.

Core info (also attached):
Core was generated by `/usr/sbin/winbindd -s /etc/samba/smb.conf'.
Program terminated with signal 6, Aborted.

Smb.conf excl services:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2005-01-28
[global]
        wide links = yes
        follow symlinks = yes
        workgroup = ACME
        realm = ACME.LOCAL
        security = ADS
        os level = 1
        server string = Samba 3023d
        unix extensions = yes
        encrypt passwords = yes
        map to guest = Bad User
        printing = CUPS
        printcap name = CUPS
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        wins support = No
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        syslog = 1
        syslog only = no
        log level = 1
        password server = WS08.ACME.LOCAL
        disable spoolss=yes
        show add printer wizard=no
        idmap uid=15000-20000
        idmap gid=15000-20000
        winbind use default domain=yes
        winbind separator=+
        template shell=/bin/ksh
        template homedir=/home/%D/%U
        max log size = 0
        winbind enum users=yes
        winbind enum groups=yes

log.wb-BUILTIN:
[2006/11/23 18:01:03, 4] nsswitch/winbindd_dual.c:fork_domain_child(913)
  child daemon request 54
[2006/11/23 18:01:03, 3]
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(950)
  [ 4640]: getsidaliases
[2006/11/23 18:01:03, 4] nsswitch/winbindd_dual.c:fork_domain_child(913)
  child daemon request 20
[2006/11/23 18:01:03, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupsid(613)
  [ 4640]: lookupsid S-1-5-32-545
[2006/11/23 18:01:03, 3] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0

log.wb-WS02:
[2006/11/23 18:01:03, 4] nsswitch/winbindd_dual.c:fork_domain_child(913)
  child daemon request 54
[2006/11/23 18:01:03, 3]
nsswitch/winbindd_async.c:winbindd_dual_getsidaliases(950)
  [ 4640]: getsidaliases
[2006/11/23 18:01:03, 3] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0

log.winbindd-idmap:
[2006/11/23 18:01:03, 4] nsswitch/winbindd_dual.c:fork_domain_child(913)
  child daemon request 45
[2006/11/23 18:01:03, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2gid(388)
  [ 4640]: sid to gid S-1-5-32-545
[2006/11/23 18:01:03, 3] passdb/lookup_sid.c:store_gid_sid_cache(1071)
  store_gid_sid_cache: gid 15123 in cache -> S-1-5-32-545
[2006/11/23 18:01:03, 3] nsswitch/winbindd_dual.c:child_read_request(49)
  Got invalid request length: 0

nmbd and smbd run fine and stable.

------- Comment #3 From Guido Leenders 2006-11-24 16:38:10 CST -------
Additional info from log.winbindd:
[2006/11/23 19:58:02, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(370)
  group 0 in domain INVANTIVE does not exist
[2006/11/23 20:58:10, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(370)
  group 0 in domain INVANTIVE does not exist
[2006/11/23 21:58:03, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(370)
  group 0 in domain INVANTIVE does not exist
[2006/11/23 22:58:02, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(370)
  group 0 in domain INVANTIVE does not exist
[2006/11/23 23:58:02, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(370)
  group 0 in domain INVANTIVE does not exist
[2006/11/24 05:43:21, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:43:21, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:43:56, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:43:56, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:44:31, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:44:31, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:00, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:00, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:06, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:06, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:35, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:35, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:41, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 05:45:41, 0] nsswitch/winbindd.c:process_loop(837)
... keeps repeat till ...
[2006/11/24 10:00:00, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:04:00, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:04:00, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:04:35, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:04:35, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:05:10, 0] nsswitch/winbindd.c:process_loop(818)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:05:10, 0] nsswitch/winbindd.c:process_loop(837)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/11/24 10:05:10, 0] nsswitch/winbindd_dual.c:fork_domain_child(765)
  Could not open child pipe: Too many open files
[2006/11/24 10:05:40, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2006/11/24 10:05:40, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 6 in pid 9893 (3.0.23d-0.1.38-1074:1075-SUSE-SLES9)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/11/24 10:05:40, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/11/24 10:05:40, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2006/11/24 10:05:40, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 9893): internal error
[2006/11/24 10:05:40, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 16 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x22) [0x80f2b5b]
   #1 /usr/sbin/winbindd(smb_panic+0x6f) [0x80f29fa]
   #2 /usr/sbin/winbindd [0x80e0e5f]
   #3 /usr/sbin/winbindd [0x80e0e70]
   #4 [0xffffe420]
   #5 /lib/tls/libc.so.6(abort+0x129) [0x40272cd9]
   #6 /usr/sbin/winbindd [0x80f80c4]
   #7 /usr/sbin/winbindd(talloc_get_name+0x11) [0x80f85e7]
   #8 /usr/sbin/winbindd(talloc_check_name+0x23) [0x80f8627]
   #9 /usr/sbin/winbindd(talloc_check_name_abort+0x1e) [0x80f4bf1]
   #10 /usr/sbin/winbindd [0x809e2c4]
   #11 /usr/sbin/winbindd [0x807a33e]
   #12 /usr/sbin/winbindd [0x807ae69]
   #13 /usr/sbin/winbindd(main+0x6ae) [0x807b83b]
   #14 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x4025f250]
   #15 /usr/sbin/winbindd [0x8079bb1]
[2006/11/24 10:05:40, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/winbindd

------- Comment #4 From Guido Leenders 2006-12-18 04:27:43 CST -------
Retested on 3.0.23d.
Same problem:
[2006/12/18 11:17:02, 1] nsswitch/winbindd.c:main(958)
  winbindd version 3.0.23d-0.1.38-1074:1075-SUSE-SLES9 started.
  Copyright The Samba Team 2000-2004
[2006/12/18 11:17:16, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2006/12/18 11:17:16, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 9589 (3.0.23d-0.1.38-1074:1075-SUSE-SLES9)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/12/18 11:17:16, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/12/18 11:17:16, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2006/12/18 11:17:16, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 9589): internal error
[2006/12/18 11:17:16, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 27 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x22) [0x80f2b5b]
   #1 /usr/sbin/winbindd(smb_panic+0x6f) [0x80f29fa]
   #2 /usr/sbin/winbindd [0x80e0e5f]
   #3 /usr/sbin/winbindd [0x80e0e70]
   #4 [0xffffe420]
   #5 /usr/lib/libkrb5.so.17 [0x400b8d12]
   #6 /usr/sbin/winbindd(kerberos_kinit_password_ext+0x121) [0x81cec3b]
   #7 /usr/sbin/winbindd(kerberos_kinit_password+0x4e) [0x81cf7ec]
   #8 /usr/sbin/winbindd(cli_session_setup_spnego+0x368) [0x810fcc8]
   #9 /usr/sbin/winbindd [0x8093513]
   #10 /usr/sbin/winbindd [0x8094ecf]
   #11 /usr/sbin/winbindd(init_dc_connection+0x70) [0x80952b1]
   #12 /usr/sbin/winbindd(cm_connect_lsa+0x24) [0x8095fa8]
   #13 /usr/sbin/winbindd(msrpc_sid_to_name+0x96) [0x8097a56]
   #14 /usr/sbin/winbindd [0x80871df]
   #15 /usr/sbin/winbindd [0x809ceed]
   #16 /usr/sbin/winbindd(fill_passdb_alias_grmem+0x79) [0x809d331]
   #17 /usr/sbin/winbindd [0x807d9b3]
   #18 /usr/sbin/winbindd(winbindd_getgrent+0x714) [0x8080166]
   #19 /usr/sbin/winbindd [0x807a0a4]
   #20 /usr/sbin/winbindd [0x807a9d9]
   #21 /usr/sbin/winbindd [0x807a871]
   #22 /usr/sbin/winbindd [0x807a33e]
   #23 /usr/sbin/winbindd [0x807ae69]
   #24 /usr/sbin/winbindd(main+0x6ae) [0x807b83b]
   #25 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x4025f250]
   #26 /usr/sbin/winbindd [0x8079bb1]
[2006/12/18 11:17:16, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/winbindd

------- Comment #5 From Guido Leenders 2006-12-18 04:29:29 CST -------
Created an attachment (id=2240) [details]
Core dump of winbindd

------- Comment #6 From Denis Häußer 2006-12-28 03:24:53 CST -------
*** Bug 4304 has been marked as a duplicate of this bug. ***

------- Comment #7 From Guenther Deschner 2007-02-20 08:10:16 CST -------
Can you all please recheck with recent 3.0.24 packages and see if that error
persists?

------- Comment #8 From Guido Leenders 2007-02-24 06:52:28 CST -------
Installed 3.0.24.
Join AD according to
http://www.zdnetasia.com/insight/network/0,39044847,39081966-2,00.htm
Still panic:

In log.wb-INVANTIVE:

[2007/02/24 13:49:57, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/02/24 13:49:57, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 14092 (3.0.24-5.1.52-1205-SUSE-SLES9)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/02/24 13:49:57, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/02/24 13:49:57, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/02/24 13:49:57, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 14092): internal error
[2007/02/24 13:49:57, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 29 stack frames:
   #0 /usr/sbin/winbindd(log_stack_trace+0x22) [0x80f3c4b]
   #1 /usr/sbin/winbindd(smb_panic+0x6f) [0x80f3aea]
   #2 /usr/sbin/winbindd [0x80e1f4f]
   #3 /usr/sbin/winbindd [0x80e1f60]
   #4 [0xffffe420]
   #5 /usr/lib/libkrb5.so.17 [0x400b7d12]
   #6 /usr/sbin/winbindd(kerberos_kinit_password_ext+0x121) [0x81d08eb]
   #7 /usr/sbin/winbindd(ads_kinit_password+0x109) [0x81d0c73]
   #8 /usr/sbin/winbindd [0x81c7d20]
   #9 /usr/sbin/winbindd(ads_sasl_bind+0x129) [0x81c84c2]
   #10 /usr/sbin/winbindd(ads_connect+0x2aa) [0x81c1810]
   #11 /usr/sbin/winbindd [0x809ae83]
   #12 /usr/sbin/winbindd [0x809d751]
   #13 /usr/sbin/winbindd [0x8084e24]
   #14 /usr/sbin/winbindd [0x80852c8]
   #15 /usr/sbin/winbindd [0x808852f]
   #16 /usr/sbin/winbindd(winbindd_dual_list_trusted_domains+0xa6) [0x80919cb]
   #17 /usr/sbin/winbindd [0x809f831]
   #18 /usr/sbin/winbindd [0x80a0dec]
   #19 /usr/sbin/winbindd [0x809f497]
   #20 /usr/sbin/winbindd(async_request+0x15a) [0x809f0bc]
   #21 /usr/sbin/winbindd(init_child_connection+0x233) [0x8081f28]
   #22 /usr/sbin/winbindd(async_domain_request+0xfb) [0x809f5f2]
   #23 /usr/sbin/winbindd [0x8081a33]
   #24 /usr/sbin/winbindd(rescan_trusted_domains+0x37) [0x8081ce9]
   #25 /usr/sbin/winbindd [0x807ae4c]
   #26 /usr/sbin/winbindd(main+0x6ae) [0x807ba4b]
   #27 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x4025e250]
   #28 /usr/sbin/winbindd [0x8079d71]
[2007/02/24 13:49:57, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/winbindd

In samba.log:
[2007/02/24 13:49:57, 1] nsswitch/winbindd_util.c:trustdom_recv(234)
  Could not receive trustdoms

I will upload the core dump.

Please note that the error changed, maybe I did something wrong when joining AD
and winbind was not so friendly in it's reaction. I don't see name_deadbeef
anymore.

smbclient //<IP adres of AD server/c$ -k 

works fine, without asking password.

------- Comment #9 From Guido Leenders 2007-02-24 07:28:51 CST -------
Created an attachment (id=2308) [details]
Core dump

Bug 4238 - Setting printdrivers leads to smbd panic.
Bug#: 4238 Product:  Samba 3.0 Version: 3.0.23c Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: antti.t.niemi@tkk.fi QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: none
URL: 
Summary: Setting printdrivers leads to smbd panic.
Keywords:  
Opened: 2006-11-20 08:06 CST
Description:   Opened: 2006-11-20 08:06 CST
Hi,

I've stumbled into a following smbd panic problem, which I think may be a bug.
This is also reproducible.

The setup is RHEL4 on a Dell PowerEdge 2950 server. Target is to integrate
printingservices to this server by using samba and cups. Samba installed is
samba-3.0.23c and the version of CUPS is cups-1.2.5. AD environment consist of
several w2k3 servers, +20000 users and +400 different groups.

Definition of the bug is as follows: 
I've setup samba-3.0.23c together with cups-1.2.5 to serve as a print server
for linux workstations and WinXP workstations in a 2003 Servers based AD
domain. I have successfully joined the domain without no probs. Using XP
workstation, I can see I'm getting authenticated and all the printers are
visible. By issuing net rpc rights grant 'DOMAIN\printerAdmins'
SePrintOperatorPrivilege, I have succesfully granted printeradmin rights for
the correct Windows group. Now if I try to migrate printer drivers and settings
from a printserver running W2K3 server using net "rpc printer MIGRATE ALL
printername -U admin -S printserver.somedomain.com" results in a few errors as
follows: 

cannot set printer-info: WERR_UNKNOWN_LEVEL
could not set printerdataex: WERR_INVALID_NAME

Now, if I stop-start smbd it results in internal error.

In smbd.log I see the following:
[2006/11/14 14:31:24, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2006/11/14 14:31:24, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 24181 (3.0.23c)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/11/14 14:31:24, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/11/14 14:31:24, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2006/11/14 14:31:24, 0] lib/util.c:smb_panic(1592)
  PANIC (pid 24181): internal error
[2006/11/14 14:31:24, 0] lib/util.c:log_stack_trace(1699)
  BACKTRACE: 12 stack frames:
   #0 smbd(log_stack_trace+0x26) [0xb9d095]
   #1 smbd(smb_panic+0x76) [0xb9cf20]
   #2 smbd [0xb8b0b0]
   #3 smbd [0xb8b0be]
   #4 /lib/tls/libpthread.so.0 [0x16f898]
   #5 smbd(ads_destroy+0x72) [0xc12dfe]
   #6 smbd(check_published_printers+0x24d) [0xbc533c]
   #7 smbd(nt_printing_init+0x4e8) [0xbbe0e0]
   #8 smbd(print_backend_init+0x1c3) [0xbb78ef]
   #9 smbd(main+0x65a) [0xc2d960]
   #10 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x491de3]
   #11 smbd [0xa0a259]
[2006/11/14 14:31:24, 0] lib/util.c:smb_panic(1600)
  smb_panic(): calling panic action [/bin/sleep 999999]

Attaching gdb to the sleeping process gives the following backtrace:

#0  0x0072a7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00507453 in __waitpid_nocancel () from /lib/tls/libc.so.6
#2  0x004b1349 in do_system () from /lib/tls/libc.so.6
#3  0x0016f78d in system () from /lib/tls/libpthread.so.0
#4  0x00b9cf99 in smb_panic () from /l/samba/sbin/smbd
#5  0x00b8b0b0 in fault_report () from /l/samba/sbin/smbd
#6  0x00b8b0be in sig_fault () from /l/samba/sbin/smbd
#7  <signal handler called>
#8  0x004df325 in free () from /lib/tls/libc.so.6
#9  0x00c12dfe in ads_destroy () from /l/samba/sbin/smbd
#10 0x00bc533c in check_published_printers () from /l/samba/sbin/smbd
#11 0x00bbe0e0 in nt_printing_init () from /l/samba/sbin/smbd
#12 0x00bb78ef in print_backend_init () from /l/samba/sbin/smbd
#13 0x00c2d960 in main () from /l/samba/sbin/smbd

If I use WinXP as a client machine and setup printer properties from the XP
workstation, the outcome is the same. I can upload the drivers to the samba
server, but after clicking apply and ok, smbd always crashes. In the logs is
following:

clientmachine.log:

[2006/11/20 15:54:47, 5] printing/nt_printing.c:nt_printer_publish_ads(3016)
  publishing printer HP LaserJet 4350 PS
smbd: ../../../libraries/libldap/unbind.c:49: ldap_unbind_ext: Assertion `(
(ld)->ld_options.ldo_valid == 0x2 )' failed.
[2006/11/20 15:54:47, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2006/11/20 15:54:47, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 6 in pid 6035 (3.0.23d)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/11/20 15:54:47, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/11/20 15:54:47, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2006/11/20 15:54:47, 0] lib/util.c:smb_panic(1599)
  PANIC (pid 6035): internal error
[2006/11/20 15:54:47, 0] lib/util.c:log_stack_trace(1706)
  BACKTRACE: 32 stack frames:
   #0 smbd(log_stack_trace+0x26) [0x3c20cb]
   #1 smbd(smb_panic+0x76) [0x3c1f56]
   #2 smbd [0x3b0060]
   #3 smbd [0x3b006e]
   #4 /lib/tls/libpthread.so.0 [0x185898]
   #5 /lib/tls/libc.so.6(abort+0xe9) [0xce4209]
   #6 /lib/tls/libc.so.6(__assert_fail+0x101) [0xcdbd91]
   #7 /usr/lib/libldap-2.2.so.7(ldap_unbind_ext+0x8a) [0xb38b48]
   #8 /usr/lib/libldap-2.2.so.7(ldap_unbind+0x39) [0xb38ba5]
   #9 smbd(ads_destroy+0x3d) [0x438b75]
   #10 smbd(nt_printer_publish+0x2f2) [0x3ea82d]
   #11 smbd [0x30302d]
   #12 smbd(_spoolss_setprinter+0x197) [0x3031d6]
   #13 smbd [0x2f4118]
   #14 smbd(api_rpcTNP+0x251) [0x328c71]
   #15 smbd(api_pipe_request+0x106) [0x328998]
   #16 smbd [0x322050]
   #17 smbd [0x322219]
   #18 smbd [0x3228e3]
   #19 smbd [0x322adf]
   #20 smbd(write_to_pipe+0xfc) [0x322a4d]
   #21 smbd [0x247e5c]
   #22 smbd [0x2480b8]
   #23 smbd [0x248304]
   #24 smbd(reply_trans+0x628) [0x248978]
   #25 smbd [0x292744]
   #26 smbd [0x2927d4]
   #27 smbd [0x292b49]
   #28 smbd(smbd_process+0x158) [0x293990]
   #29 smbd(main+0xa37) [0x454744]
   #30 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0xccfde3]
   #31 smbd [0x22d3e9]
[2006/11/20 15:54:47, 0] lib/util.c:smb_panic(1607)
  smb_panic(): calling panic action [/bin/sleep 999999]

After deleting /var/locks/ntprinters.tdb I'm able to get the smbd services up
and running.

This also happened with samba-3.0.22 and samba-3.0.23d.

smb.conf:

Load smb config files from /l/samba/lib/smb.conf
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = ABC
        realm = ABC.DEF.GH
        server string = CUPS2 Print server
        security = ADS
        log level = 10
        log file = /var/log/samba/%m.log
        max log size = 1000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        panic action = /bin/sleep 999999
        idmap uid = 100000-180000
        idmap gid = 100000-180000
        admin users = root, username, ABC\username
        cups options = raw

[printers]
        comment = All Printers
        path = /var/spool/samba
        admin users = +ABC\printerAdmins, root, username
        write list = +ABC\printerAdmins, root, username
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /l/windrivers
        admin users = +ABC\printerAdmins, ABC\username, root, username
        write list = +ABC\printerAdmins, ABC\username, root, username
        read only = No
        guest ok = Yes

If required, I'll gladly dig out more information. 

BR,

Antti

------- Comment #1 From Antti Niemi 2006-11-30 04:31:12 CST -------
This is now solved. We did not want to publish the printers before they would
be fully configured, so our Windows administrators removed read rights from
samba server object's security descriptor "Authenticated Users".

Analyzing the network traffic released, that DC didn't return any LDAP
attributes to the samba servers LDAP search request. "Surprisingly" giving read
rights to the Authenticated Users security descriptor solved this problem.

However, I still think this as a bug, because it shouldn't cause smbd to panic
during restart. If requested, I can provide thorough information for developers
to fix this.

BR, 

Antti

------- Comment #2 From Karolin Seeger 2009-12-02 04:19:39 CST -------
Is this still an issue in Samba 3.4?

Bug 4337 - rpcclient setdriver WERR_ACCESS_DENIED without 'printer admin'
Bug#: 4337 Product:  Samba 3.0 Version: 3.0.23d Platform: x86
OS/Version: FreeBSD Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: fabian@wenks.ch QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: none
URL: 
Summary: rpcclient setdriver WERR_ACCESS_DENIED without 'printer admin'
Keywords:  
Opened: 2007-01-12 09:09 CST
Description:   Opened: 2007-01-12 09:09 CST
After the upgrade from Samba 3.0.22 to 3.0.23d rpcclient setdriver (as the only
part from our modified cupsaddsmb, which allows to submit the password) did not
work anymore. Also all admin options in the printer properties dialog from a
Windows client are greyed out. The user/group which needs access to admin the
printers have the SePrintOperatorPrivilege permissions granted.

The only error message was from the rpcclient command:

# rpcclient printer -N -U'cupssmb%abcdefgh' -c 'setdriver hpr_e86 hpr_e86'
result was WERR_ACCESS_DENIED
#

After adding "printer admin" options to the [printers] section it was working
again (even from the Windows Client):

# rpcclient printer -N -U'cupssmb%abcdefgh' -c 'setdriver hpr_e86 hpr_e86'
Succesfully set hpr_e86 to driver hpr_e86.
# 

With this workaround the message "WARNING: The "printer admin" option is
deprecated" is logged.


Some details about our setup:
- running the PDC on a other server also with Samba 3.0.23d
[global]
   enable privileges = yes
   smb passwd file = /var/lib/samba/winpdc/smbpasswd
   security = user

- relevant configuration on the print server
[global]
   load printers = yes
   show add printer wizard = yes
   printcap name = cups
   printing = cups
   security = domain
   password server = WINPDC
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   public = yes   
   guest ok = yes 
   writable = no  
   printable = yes
   printer admin = +ntdomprt

- on both (PDC and printer) servers the same unix users and groups are
available through NIS

------- Comment #1 From Timur Bakeyev 2007-06-03 06:15:17 CST -------
(In reply to comment #0)
> After the upgrade from Samba 3.0.22 to 3.0.23d rpcclient setdriver (as the only
> part from our modified cupsaddsmb, which allows to submit the password) did not
> work anymore. Also all admin options in the printer properties dialog from a
> Windows client are greyed out. The user/group which needs access to admin the
> printers have the SePrintOperatorPrivilege permissions granted.

As a wild guess - coold it be the result of the problems with primary group in
recent Sambas? Try new 3.0.25a version, which aims to address this problem.

With regards,
Timur

------- Comment #2 From Fabian Wenk 2007-08-30 09:28:39 CST -------
Sorry for the long delay.

Yes, it could be about the primary group problems.

But as I do not have this kind of setup available at the moment, I can not test
it myself. I had forwarded this report to my former co-workers, but as far as I
know they did not yet update to any of the 3.0.25x versions of Samba.

------- Comment #3 From Mark Gannon 2009-03-10 12:41:49 CST -------
I currently am experiencing this bug using Lenny from a Debian Live CD.  I've
created debug level 10 reports both with the failure and the subsequent success
(after setting the printer admin parameter in smb.conf).  In the attached
debugs, I the samba system is polyspool (192.168.2.145) and the client system
using rpcclient is scooby (192.168.2.2).

------- Comment #4 From Mark Gannon 2009-03-10 12:43:07 CST -------
Created an attachment (id=3988) [details]
Debug Level 10 Output demonstrating the bug occuring 

------- Comment #5 From Mark Gannon 2009-03-10 12:43:56 CST -------
Created an attachment (id=3989) [details]
Debug Level 10 Output showing success after changing the printer admin
parameter

Bug 4610 - Printer status on vista
Bug#: 4610 Product:  Samba 3.0 Version: 3.0.25 Platform: Other
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: ahmed.feroz@wipro.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: none
URL: 
Summary: Printer status on vista
Keywords:  
Opened: 2007-05-10 07:21 CST
Description:   Opened: 2007-05-10 07:21 CST
Im facing a problem with vista. When I download a driver in vista the 
printer status is getting changed from ready to driver update needed 
if I click some of tabs in the installed driver. When I posted a 
query in Microsoft forum they replied that if some of the fields such 
as time,date, etc are different on server and client then the status 
changes from ready to driver update needed. My doubt is the 
driver file that are on server and client are same but still the 
vista is considering there is some thing different and changing the 
status to driver update needed. Do you have any idea bout vista 
sending any sort of update requests to server in order to sink some 
of the parameters on server and client. more over this kind of problem occurs
when we upgrade XP to vista.

Bug 4666 - Refuse machine password change is not obeyed
Bug#: 4666 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: dm@belkam.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Refuse machine password change is not obeyed
Keywords:  
Opened: 2007-05-28 00:25 CST
Description:   Opened: 2007-05-28 00:25 CST
If I set this windows domain members still can change passwords, I see this
comparing smbpasswd with yesterday copy.

------- Comment #1 From Guenther Deschner 2007-05-29 04:59:28 CST -------
Just to get you correct: You want that domain members don't change their
MACHINE account password (not the USER account passwords), as that is what the
"refuse machine password change" policy is for. Correct?

------- Comment #2 From Dmitry Melekhov 2007-05-29 05:03:42 CST -------
Yes, this is correct.
I want PDC to reject password changes from machines.

------- Comment #3 From Simo Sorce 2007-06-09 13:52:19 CST -------
Created an attachment (id=2744) [details]
Patch to obey Refus eMachine Change Password Policy

Can you test this patch and see if it fixes your problem?

------- Comment #4 From Dmitry Melekhov 2007-06-13 23:49:17 CST -------
unfortunately, machines still can change passwords :-(

------- Comment #5 From Dmitry Melekhov 2007-06-21 22:43:14 CST -------
more interesting is that I added debug output to this patched function and I
see that it is never called for changing machine password...

------- Comment #6 From Dmitry Melekhov 2007-08-29 22:26:23 CST -------
Hello!

Looks like I found right place for patch

--- samba-3.0.22.orig/source/rpc_server/srv_netlog_nt.c
+++ samba-3.0.22/source/rpc_server/srv_netlog_nt.c
@@ -463,6 +463,7 @@
        uint32 acct_ctrl;
        DOM_CRED cred_out;
        const uchar *old_pw;
+       uint32 refuse;

        if (!p->dc || !p->dc->authenticated) {
                return NT_STATUS_INVALID_HANDLE;
@@ -507,6 +508,14 @@
                return NT_STATUS_ACCOUNT_DISABLED;
        }

+       if (pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &refuse) &&
refuse) {
+                               DEBUG(1, ("Machine %s cannot change password
now, "
+                                         "denied by Refuse Machine Password
Change policy\n",
+                                         workstation));
+               pdb_free_sam(&sampass);
+               return NT_STATUS_ACCOUNT_RESTRICTION;
+       }
+
        /* Woah - what does this to to the credential chain ? JRA */
        cred_hash3( pwd, q_u->pwd, p->dc->sess_key, 0);

Hope it will be included in next release :-)

------- Comment #7 From Gerald (Jerry) Carter 2007-08-30 07:21:56 CST -------
Please don't mark a bug as fixed until the change is made in 
the upstream code base.  Also, in the future please attach patches
and not include them inline.  Thanks.

------- Comment #8 From Dmitry Melekhov 2007-09-10 06:27:38 CST -------
Looks like NT_STATUS_ACCOUNT_RESTRICTION is wrong status code.
According to http://support.microsoft.com/kb/154501 
"future attempts to change the password are prevented (by returning a distinct
status code)."
but machines try to change password again and again...

------- Comment #9 From Dmitry Melekhov 2007-09-21 01:39:57 CST -------
NT_STATUS_WRONG_PASSWORD is the best I found.
It  doesn't work as should, but machines tries to change password only at boot,
i.e. once per day,not every 20 minutes :-) 

------- Comment #10 From Stefan (metze) Metzmacher 2010-02-21 06:49:49 CST -------
Shouldn't we fix that in 3.6.x?

Bug 5369 - "Operation could not be completed" when trying to access "Printing Preferences"
Bug#: 5369 Product:  Samba 3.0 Version: 3.0.24 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: kenneth.floen@xerox.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: none
URL: 
Summary: "Operation could not be completed" when trying to access "Printing Preferences"
Keywords:  
Opened: 2008-04-02 12:10 CST
Description:   Opened: 2008-04-02 12:10 CST
When sharing a printer driver for point and print through SAMBA, some drivers
will work and others not. The problem is when driver has been pulled down to
the client, you cannot access printing preferences. I have been trying the
xerox 5665 drivers, and they do not work. Basically, I install a print queue on
Ubuntu, using CUPS. Then I share the queues via SAMBA, and add a print$ share
via which I upload the Xerox drivers (for Windows). When I hook up to the
shared network printer from an XP client, SAMBA correctly pushes down the
driver and XP creates a print object under "Printers and Faxes", but when I try
to access the object's "printing preferences", I get a "Operation could not be
completed" message, and am not able to change printer settings. This is not a
Xerox driver issue, as the driver works perfectly in a "pure" Windows
server/client environment, for which the driver was originally created. So this
is an example of SAMBA failing to recreate/emulate said Windows environment. On
this note, is all Windows drivers SUPPOSED to work this way with SAMBA? What's
your take on 3rd party driver sharing, all your manuals ever talk about is the
ADOBE PS driver and the CUPS driver for windows, but you do not mention if you
are compatible with other 3rd party drivers for Windows. Thanks for answers.

------- Comment #1 From Darren Naessens 2008-11-29 11:22:29 CST -------
Currently running 3.0.30. Will try 3.2.5 on Monday and report back.

(In reply to comment #0)

I have the same problem with a xerox driver. I have 2 different xerox devices.
One is five years old (Phaser 7300) and had no driver issues, nor has any other
driver for other printers, about 6 or 7 drivers in use which are a mixture of
Canon, HP and Epson). 

The other machine is a Xerox 7232 and whichever driver is used (from xerox
website), PCL 5 or 6, Postscript or the global driver - all behave in the same
fashion of reporting 'operation could not be completed' when trying to view
properties or do anything with it. I will have a third xerox machine shortly
(couple of weeks) and will see if it's drivers behave in the same way.

I have tried a few things:

* remove tdb files
* remove all printer drivers and reinstall just the xerox driver

This is the first issue I have had on this server (running for over 2 years
without issue).

If I install the driver directly onto to a client there are no issues. 

Installing via printing and faxes seems ok no error messages and the log shows
the files and status ok for each one. 

When attempting to install the driver onto a client, things start to behave odd
and the error message appears.

Trying to view properties on the machine its was installed from the driver does
the same thing.

The log appears to show something strange going on:

[2008/11/27 13:02:13, 2] smbd/close.c:close_normal_file(406)
  root closed file W32X86/3/x2txt01.dll (numopen=48) NT_STATUS_OK
[2008/11/27 13:02:13, 2] smbd/open.c:open_file(391)
  Admin opened file W32X86/3/x2utilC7.dll read=Yes write=No (numopen=49)
[2008/11/27 13:02:13, 2] smbd/close.c:close_normal_file(406)
  root closed file W32X86/3/x2utilC7.dll (numopen=48) NT_STATUS_OK
[2008/11/27 13:02:13, 2] smbd/open.c:open_file(391)
  Admin opened file W32X86/3/x2utilC7.dll read=No write=No (numopen=49)
[2008/11/27 13:02:13, 2] smbd/open.c:open_file(391)
  Admin opened file W32X86/3/x2utilC7.dll read=Yes write=No (numopen=50)
[2008/11/27 13:02:13, 2] smbd/close.c:close_normal_file(406)
  root closed file W32X86/3/x2utilC7.dll (numopen=49) NT_STATUS_OK
[2008/11/27 13:02:13, 2] smbd/open.c:open_file(391)
  Admin opened file W32X86/3/x2utilC7.dll read=Yes write=No (numopen=50)
[2008/11/27 13:02:13, 2] smbd/close.c:close_normal_file(406)
  root closed file W32X86/3/x2utilC7.dll (numopen=49) NT_STATUS_OK
[2008/11/27 13:02:13, 2] smbd/open.c:open_file(391)

This occurs when a client tries to view properties or install the driver
(repeats for quite a bit for each file related to the driver).

from smb.conf

[printers]
        comment = Network Printers
        path = /var/spool/samba
        public = Yes
        guest ok = Yes
        writeable = Yes
        printable = Yes

[print$]
        comment = Printer Drivers
        path = /etc/samba/drivers
        browseable = Yes
        guest ok = Yes

If further info is required I will be happy to provide it, will try out 3.2.5
on a test machine and report back.

------- Comment #2 From Guenther Deschner 2009-04-29 08:29:52 CST -------
Would it also be possible to try the upcoming 3.4 release ? We have reworked
the spoolss server quite a bit there.

------- Comment #3 From Darren Naessens 2009-04-29 08:59:01 CST -------
(In reply to comment #2)
> Would it also be possible to try the upcoming 3.4 release ? We have reworked
> the spoolss server quite a bit there.
> 

I will try and make time to do this, Is there a 3.4 release date yet?

------- Comment #4 From raouf riahi 2009-04-29 11:28:50 CST -------
> I will try and make time to do this, Is there a 3.4 release date yet?


I think the final version 3.4 is available on the site

------- Comment #5 From Volker Lendecke 2009-04-29 11:30:33 CST -------
No, that's 3.3.4, not 3.4.

Volker

------- Comment #6 From Kenneth Floen 2009-04-29 11:43:04 CST -------
(In reply to comment #2)
> Would it also be possible to try the upcoming 3.4 release ? We have reworked
> the spoolss server quite a bit there.

I am interested in testing this. Can you provide a link to download the source?
Thanks.

------- Comment #7 From Karolin Seeger 2009-04-30 03:17:01 CST -------
Planned release date for 3.4.0 is July 1, 2009.
3.4.0pre1 will be released today, so you can find that one later on at
samba.org.

------- Comment #8 From Darren Naessens 2009-05-28 15:22:13 CST -------
I am having trouble compiling 3.4.0pre1 at the moment:
../lib/talloc/talloc.c:50:21: error: replace.h: No such file or directory
Is there a minimum requirement for gcc etc? Running gcc 4.0.2...
Hopefully I will figure it out, get it compiled and report back as requested.

------- Comment #9 From Nec 2009-06-18 08:00:20 CST -------
Same issue with three printers : 7232, 3300 and 3600.
Samba 3.0.20.something, so for sure it may not work.

Willing to try with a freshly-compiled samba...

------- Comment #10 From Matthieu Patou 2009-06-18 14:05:52 CST -------
Darren could you have a look at this bug : 6296.
https://bugzilla.samba.org/show_bug.cgi?id=6296
It looks like that I had the sames problems with my 7232. I found a trick to
make it for in samba 3.3 (and 3.4rc as well).

I talked with  Guenther Deschner and he said that he was working on a solution.

------- Comment #11 From Darren Naessens 2009-06-19 08:45:25 CST -------
Thank you Matthieu!

I will have a go at following the same principle behind your workaround to get
the other xerox printers working as well. (If I ever get samba to compile
correctly!). 

Thanks Guenther for working on solving this permanently.

Bug 5432 - password changing failed via pam_winbind on Solaris
Bug#: 5432 Product:  Samba 3.3 Version: 3.3.9 Platform: Other
OS/Version: Solaris Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: fumiyas@osstech.co.jp QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: password changing failed via pam_winbind on Solaris
Keywords:  
Opened: 2008-04-30 04:59 CST
Description:   Opened: 2008-04-30 04:59 CST
When user tries to change his/her password via pam_winbind.so,
pam_set_item(3PAM) is called twice (at _winbind_read_password() and
pam_sm_chauthtok() in nsswitch/pam_winbind.c) with PAM_OLDAUTHTOK
and the old password. The second pam_set_item() call (at pam_sm_chauthtok())
is redundantly because the old password for pam_set_item() has same
value (pointer to char*) before (at _winbind_read_password()).

_winbind_read_password(..., const char **pass) {
  ...
  authtok_flag = on(WINBIND__OLD_PASSWORD, ctrl) ? PAM_OLDAUTHTOK :
PAM_AUTHTOK;
  ...
  retval = pam_set_item(pamh, authtok_flag, token);
  _pam_delete(token);     /* clean it up */
  if (retval != PAM_SUCCESS || 
      (retval = _pam_get_item(pamh, authtok_flag, &item)) != PAM_SUCCESS) {
          _pam_log(pamh, ctrl, LOG_CRIT, "error manipulating password");
          return retval;
  }
  *pass = item;
  ...
}

pam_sm_chauthtok() {
  ...
  if (flags & PAM_PRELIM_CHECK) {
    ret = _winbind_read_password(..., (const char **) &pass_old);
    ...
    ret = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
    ...
  } else if (flags & PAM_UPDATE_AUTHTOK) {
    ...
  }
  ...
}

On the other hand, on Solaris, the pam_set_item() call clears
the previous set password (by pam_set_item()) in PAM informations
(maybe security reason). For example:

  const char *item;
  ## Get PAM_OLDAUTHTOK data from PAM
  pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
  ## Put item to PAM_OLDAUTHTOK data in PAM
  ##   1. Clear previous PAM_OLDAUTHTOK data (in *item) in PAM
  ##   2. Set new data (in *item) as PAM_OLDAUTHTOK  in PAM
  pam_set_item(pamh, PAM_OLDAUTHTOK, &item);
  ## Get PAM_OLDAUTHTOK data from PAM again
  pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
  ## Show PAM_OLDAUTHTOK (it is broken on Solaris)
  puts(item);

That is why, password changing failed via pam_winbind.so on Solaris.

------- Comment #1 From SATOH Fumiyasu 2008-04-30 05:03:08 CST -------
Created an attachment (id=3271) [details]
Proposed patch: Remove redundant pam_set_item() call

------- Comment #2 From SATOH Fumiyasu 2009-02-05 07:47:13 CST -------
Created an attachment (id=3922) [details]
Updated patch for 3.2.8 (v3-2-test)

Remove a redundant pam_set_item() call for a PAM
item "PAM_OLDAUTHTOK" because it was already stored
in _winbind_read_password() or a previous stacked
PAM module.

------- Comment #3 From Karolin Seeger 2009-07-28 02:02:06 CST -------
Raising version number as requested by the reporter.

------- Comment #4 From Karolin Seeger 2009-09-29 03:12:53 CST -------
Any volunteer to review the patches?
Would be nice to include the patches in 3.3.8.

Bug 5722 - net rpc vampire fails to import machine accounts correctly
Bug#: 5722 Product:  Samba 3.3 Version: 3.3.3 Platform: x64
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: marcaurel@gmx.de QA Contact: samba-qa@samba.org
Component: Client tools Target Milestone: ---
URL: 
Summary: net rpc vampire fails to import machine accounts correctly
Keywords:  
Opened: 2008-08-27 09:44 CST
Description:   Opened: 2008-08-27 09:44 CST
when i start sucking a pdc in my ldapserver the following
errors come up with every machineaccount on the pdc:


1.)
Creating account: SP1$
/usr/sbin/smbldap-usermod: user SP1_ doesn't exist
[2008/08/27 14:09:45,  0] groupdb/mapping.c:smb_set_primary_group(312)
  smb_set_primary_group: Running the command `/usr/sbin/smbldap-usermod -g
'Domain Users' 'SP1_'' gave 1

2.)
User SP1_ does not exist: create it first !


what instantly strikes is that there is an _ instead
of the $ in the pcname which cannot work.
I guess the second error comes up when the script tries to set
the correct password!? Afterwards nevertheless there are
machineaccount-passwords in the ldap-database but they seem
wrong because machineconnects fail.
everything else is flawlessly imported (users, groups, groupmemberships).
i didn't change anything in the configuration which worked
perfectly with vampire in 3.0.x


ExampleLDAPentry of the above mentioned machine after import:
-------------------------------------------------------------

dn: uid=SP1$,ou=Computers,dc=test,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: SP1$
uid: SP1$
uidNumber: 1071
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: account
entryUUID: be6e3366-087c-102d-9d48-4b401f1e60f4
creatorsName: cn=manager,dc=test,dc=com
createTimestamp: 20080827120929Z
sambaSID: S-1-5-21-378104194-1064922793-1509252994-1090
sambaPrimaryGroupSID: S-1-5-21-378104194-1064922793-1509252994-513
sambaNTPassword: 5C49A9927C59942A46F193C41446FFD5
sambaPwdLastSet: 1162907539
sambaAcctFlags: [W          ]
entryCSN: 20080827120929.102086Z#000000#000#000000
modifiersName: cn=manager,dc=test,dc=com
modifyTimestamp: 20080827120929Z


smb.conf (suck-configuration)
-----------------------------

[global]
    workgroup = PRESSFK
    netbios name = DEBIANPDC
    wins server = 192.168.200.3

    ## Domäne
    #########
    domain master = No
    domain logons = Yes
    passdb backend = ldapsam:ldap://127.0.0.1

    ## Benutzerverwaltung ldapsam
    #############################
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    ## LDAP
    #######
    ldap suffix = dc=test,dc=com
    ldap admin dn = cn=manager,dc=test,dc=com
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap passwd sync = Yes
    ldap delete dn = Yes
     ldap ssl = No

------- Comment #1 From Jeremy Allison 2008-08-29 19:23:00 CST -------
Yes, that's going to happen as we're trying not to get any meta-characters into
our account database (machine accounts are normally created by net join
activity). I'll take a look at this to see what can be done to fix it.
Jeremy.

------- Comment #2 From Sébastien Prud'homme 2008-10-03 16:47:35 CST -------
The problem is the same if you create a machine account with srvmgr.exe.

I don't understand why Samba 3.2 is trying to set the primary group sid of a
machine account. Is this a normal behaviour? Isn't the POSIX stuff enought?

By default the idealx scripts creates a machine account with a primary gid that
corresponds to a "Domain Computers" posix group/samba group mapping. Then Samba
3.2 seems to check whether the machine account is in "Domain Users" group and
try to correct this if its not the case (first the POSIX stuff with
smb_set_primary_group then sambaPrimaryGroupSID in LDAP)

Unfortunately smb_set_primary_group doesn't like trailing dollars. I'm not sure
but perhaps it's because of the use of talloc_string_sub instead of
talloc_string_sub2 with the right parameters:

add_script = talloc_string_sub(ctx,
        add_script, "%u", unix_user)

But as i said before, i really don't understand why Samba 3.2 is trying to set
the primary group sid of a machine account.

------- Comment #3 From Greg Bis 2009-04-28 04:21:57 CST -------
I'm using Samba 3.3.3 with the same results. Whenever I try to create a machine
account with srvmgr.exe, the error occures. As I've done some further
investigations on the internet, the same situation occured with Samba 3.0.7.
http://www.mail-archive.com/samba@lists.samba.org/msg47210.html

------- Comment #4 From Guenther Deschner 2011-02-09 09:17:23 CST -------
Metze, isnt that exactly the issue you resolved very recently ?

Bug 6046 - pam_winbind error on 64bit
Bug#: 6046 Product:  Samba 3.2 Version: 3.2.7 Platform: x64
OS/Version: Linux Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gaylen.wong@usma.edu QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: pam_winbind error on 64bit
Keywords:  
Opened: 2009-01-16 16:55 CST
Description:   Opened: 2009-01-16 16:55 CST
Machine:  Dell 2950
Operating system:  Red Hat Enterprise Linux version 5.2, 64-bit

We use Samba to authenticate and authorize users to gain access to our Linux
servers.  User account info and credentials reside on Windows Active Directory
(LDAP) servers.

*******************************************************************************
Problem:  Apparently pam_winbind fails to get the credentials for any AD user
          account for any application that requires user authentication and
          authorization hence no AD user can use the system.

Pertinent log messages from /var/log/secure:

--------------------------------------------------------------------------------
Jan 16 12:15:46 democracy sshd[31902]: Invalid user dg7108 from 134.240.18.70
Jan 16 12:15:46 democracy sshd[31903]: input_userauth_request: invalid user
dg7108
Jan 16 12:16:00 democracy sshd[31902]: pam_winbind(sshd:auth): getting password
(0x00000000)
Jan 16 12:16:00 democracy sshd[31902]: pam_winbind(sshd:auth):
pam_winbind_request: write to socket failed!
Jan 16 12:16:00 democracy sshd[31902]: pam_winbind(sshd:auth): internal module
error (retval = 3, user = 'dg7108')
Jan 16 12:16:00 democracy sshd[31902]: pam_unix(sshd:auth): check pass; user
unknown
Jan 16 12:16:00 democracy sshd[31902]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=usmawkddth17620.eecs.usma.edu 
Jan 16 12:16:00 democracy sshd[31902]: pam_succeed_if(sshd:auth): error
retrieving information about user dg7108
Jan 16 12:16:02 democracy sshd[31902]: Failed password for invalid user dg7108
from 134.240.18.70 port 44485 ssh2
Jan 16 12:16:10 democracy sshd[31902]: pam_winbind(sshd:auth): getting password
(0x00000000)
Jan 16 12:16:10 democracy sshd[31902]: pam_winbind(sshd:auth):
pam_winbind_request: write to socket failed!
Jan 16 12:16:10 democracy sshd[31902]: pam_winbind(sshd:auth): internal module
error (retval = 3, user = 'dg7108')
Jan 16 12:16:10 democracy sshd[31902]: pam_unix(sshd:auth): check pass; user
unknown
Jan 16 12:16:10 democracy sshd[31902]: pam_succeed_if(sshd:auth): error
retrieving information about user dg7108
Jan 16 12:16:13 democracy sshd[31902]: Failed password for invalid user dg7108
from 134.240.18.70 port 44485 ssh2
Jan 16 12:16:15 democracy sshd[31903]: Connection closed by 134.240.18.70
Jan 16 12:16:15 democracy sshd[31902]: PAM 1 more authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=usmawkddth17620.eecs.usma.edu
-------------------------------------------------------------------------------

No apparent build or installation messages were observed.

All proper configuration was done. 

NOTE:  We have about 20 other Linux servers running a 32-bit version of this
operating system in which Samba has worked very well for 4-5 years.  This is
the
only 64-bit Linux server we have which I just stood up.

Except for the authentication piece other parts of Samba do work:

Logged in as local root:

1.  I can get the correct output for:  wbinfo -n <AD_USER>

2.  cd ~<AD_USER>

3.  getent passwd <AD_USER> produces the correct output.

On a AD windows PC or Laptop I can map my Linux account directory to the 
windows machine logical drive.

I have tried different versions:  3.0.28a, 3.0.31, 3.0.33, 3.2.7
All with the same result.

Bug 6165 - Enum type mismatch warnings in libnetapi.c
Bug#: 6165 Product:  Samba 3.3 Version: 3.3.1 Platform: Sparc
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: john.center@villanova.edu QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: Enum type mismatch warnings in libnetapi.c
Keywords:  
Opened: 2009-03-05 12:46 CST
Description:   Opened: 2009-03-05 12:46 CST
Building 64-bit binaries with Sun Studio 12, on Solaris 10 SPARC.  I see the
following warnings:

"lib/netapi/libnetapi.c", line 74: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 120: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 164: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 214: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 262: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 306: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 352: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 396: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 440: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 490: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 536: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 578: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 633: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 679: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 725: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 773: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 825: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 873: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 927: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 971: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1017: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1069: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1115: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1157: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1210: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1258: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1304: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1348: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1392: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1447: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1495: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1541: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1583: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1629: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1677: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1730: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1778: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1826: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1881: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1929: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 1971: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2017: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2061: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2114: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2160: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2208: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2250: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2296: warning: enum type mismatch: op "="
"lib/netapi/libnetapi.c", line 2353: warning: enum type mismatch: op "="

This may be "just" warnings, but I wouldn't expect to see so many of them at
one go.

------- Comment #1 From Volker Lendecke 2009-03-05 12:53:39 CST -------
I have no clue what you are compiling, but it can't be Samba 3.3.1:

wc -l lib/netapi/netapi.c
348 lib/netapi/netapi.c

384 lines.

Volker

------- Comment #2 From Volker Lendecke 2009-03-05 12:54:19 CST -------
s/384/348/

------- Comment #3 From John Center 2009-03-05 13:07:55 CST -------
Not lib/netapi/netapi.c but lib/netapi/libnetapi.c:

wc -l source/lib/netapi/libnetapi.c
2355 source/lib/netapi/libnetapi.c

        -John

------- Comment #4 From Volker Lendecke 2009-03-05 13:18:19 CST -------
sorry

------- Comment #5 From Derrell Lipman 2009-03-31 07:56:09 CST -------
enum NET_API_STATUS is declared locally in librpc/gen_ndr/libnetapi.h. This
enum is used in the definition of the out struct of, for example, struct
NetJoinDomain also in libnetapi.h

In source/lib/netapi/libnetapi.c, NetJoinDomain(), for example, declares a
struct NetJoinDomain and returns its out.result field, that enum
NET_API_STATUS. This does not match the declared return type of NetJoinDomain()
which is the type (not enum) NET_API_STATUS which itself is a different enum
defined in lib/netapi/netapi.h. 

Although enums are technically ints, returning an enum of a different type is
indicative of a possible bug, so the warning is reasonable. Can this code
change to use the same enum for both the return value and the declared return
type of the functions?

Changing component to File Services and reasigning to default assignee.

------- Comment #6 From Guenther Deschner 2009-04-01 05:50:13 CST -------
Derrell, I'm taking this one.

Bug 6242 - Can't browse a printers server
Bug#: 6242 Product:  Samba 3.3 Version: 3.3.2 Platform: All
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: ubuntu@kagou.fr QA Contact: samba-qa@samba.org
Component: Client tools Target Milestone: ---
URL: 
Summary: Can't browse a printers server
Keywords:  
Opened: 2009-04-02 07:52 CST
Description:   Opened: 2009-04-02 07:52 CST
My first bug was reported on system-config-printer, all informations are here :
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/330883

I use a printers server : Trendnet TE100-P21
http://www.trendnet.com/products/proddetail.asp?prod=145_TE100-P21&cat=46

All is ok under Windows XP clients, but I can not list shares on it under
Ubuntu 9.04 using smbclient 3.3.2



kagou@kagou-laptop:~$ smbclient -L Ps-70f869
Enter kagou's password:

 Sharename Type Comment
 --------- ---- -------

 Server Comment
 --------- -------

 Workgroup Master
 --------- -------
kagou@kagou-laptop:~$


Or there are 2 printers shared, and shown under Windows XP
http://launchpadlibrarian.net/24662403/winbro.jpg

------- Comment #1 From Guenther Deschner 2009-04-02 16:02:29 CST -------
Can you please upload a network trace with the (failed) attempt to see the
printers using smbclient -L Ps-70f869 ?

------- Comment #2 From Patrice Vetsel 2009-04-02 21:10:05 CST -------
You mean using a sniffer ?

------- Comment #3 From Patrice Vetsel 2009-04-03 06:37:19 CST -------
Created an attachment (id=4050) [details]
wireshark log

launch of wireshark
capture
launch : smbclien -L PS-70F869
end capture
save as (no change to type : tcpdump/...libpcap)

------- Comment #4 From Patrice Vetsel 2009-04-03 06:39:01 CST -------
Created an attachment (id=4051) [details]
wireshark log

launch of wireshark
capture
launch : smbclien -L PS-70F869
end capture
save as (no change to type : tcpdump/...libpcap)

PS : repost attachment 'cause I'm not sure for Content type, set it to
auto-detect

------- Comment #5 From Guenther Deschner 2009-04-03 07:12:51 CST -------
Ok, thanks, can you also upload a trace of the working printbox browsing using
a windows client ? That would allow to identify the issue quite fast.

------- Comment #6 From Patrice Vetsel 2009-04-03 07:29:20 CST -------
For informations : samba is installed ! (not by default)
If I remove samba I have this :
smbclient -L PS-70F869
Connection to PS-70F869 failed (Error NT_STATUS_BAD_NETWORK-NAME)

------- Comment #7 From Patrice Vetsel 2009-04-03 07:30:13 CST -------
Created an attachment (id=4052) [details]
wireshark log under XP

Here is wireshark log from windows xp

------- Comment #8 From Guenther Deschner 2009-04-03 07:54:12 CST -------
ok, thanks for the traces.

samba's clirap2.c LANMAN NetShareEnum is doing something wrong here. I can look
for a fix later today.

------- Comment #9 From Patrice Vetsel 2009-04-05 08:45:35 CST -------
Great :) Thanks Guenther Deschner

------- Comment #10 From Patrice Vetsel 2009-04-27 08:10:07 CST -------
Confirmed under final Ubuntu 9.04

------- Comment #11 From Derrell Lipman 2009-04-27 08:12:48 CST -------
corrected component

------- Comment #12 From Patrice Vetsel 2009-06-18 09:39:22 CST -------
@Derrell Lipman : which one ? where ? which version of samba correct this bug ?

------- Comment #13 From Patrice Vetsel 2009-06-18 09:43:25 CST -------
Oups, sorry Derrell forget this noise.

Bug 6246 - usrmgr, which creating a new user ticking "user must change password on next logon" doesn't take effect when using openldap smbk5pwd overlay
Bug#: 6246 Product:  Samba 3.3 Version: 3.3.3 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: admin@dmarkey.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: usrmgr, which creating a new user ticking "user must change password on next logon" doesn't take effect when using openldap smbk5pwd overlay
Keywords:  
Opened: 2009-04-03 10:31 CST
Description:   Opened: 2009-04-03 10:31 CST
usrmgr, which creating a new user ticking "user must change password on next
logon" doesn't take effect when using smbk5pwd overlay

This is because smbk5pwd changes sambaPwdLastSet to the current time during the
EXOP password change.

In order for this to work samba must change the password first(via exop), then
set sambaPwdLastSet to zero.

------- Comment #1 From Guenther Deschner 2009-04-06 05:40:34 CST -------
looking into this one.

Bug 6252 - create_local_private_krb5_conf_for_domain can fail if not root
Bug#: 6252 Product:  Samba 3.3 Version: 3.3.2 Platform: x86
OS/Version: Linux Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: samba@mooby.net QA Contact: samba-qa@samba.org
Component: Client tools Target Milestone: ---
URL: 
Summary: create_local_private_krb5_conf_for_domain can fail if not root
Keywords:  
Opened: 2009-04-08 05:05 CST
Description:   Opened: 2009-04-08 05:05 CST
I use "net ads" often to get some informations against a 2003 AD. I use
Kerberos mainly for such operations.
With 3.3 release, there are some warnings which come up, because the code think
it is running as root, but in some situations, for example as user with admin
ticket, or when no tickets are present, this isn't the case


$ LC_ALL=C net ads info
[2009/04/08 12:02:06,  0]
libads/kerberos.c:create_local_private_krb5_conf_for_domain(914)
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file
/var/cache/samba/smb_tmp_krb5.FBpr5C. Errno Permission denied
[2009/04/08 12:02:06,  0]
libads/kerberos.c:create_local_private_krb5_conf_for_domain(914)
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file
/var/cache/samba/smb_tmp_krb5.mWR6b1. Errno Permission denied
LDAP server: 130.......

If I add a stickybit on /var/cache/samba to allow the creation of the temporary
file:

$ LC_ALL=C net ads info
[2009/04/08 12:03:15,  0]
libads/kerberos.c:create_local_private_krb5_conf_for_domain(950)
  create_local_private_krb5_conf_for_domain: rename of
/var/cache/samba/smb_tmp_krb5.5TA6ut to
/var/cache/samba/smb_krb5/krb5.conf.DPTINFO failed. Errno Operation not
permitted
[2009/04/08 12:03:15,  0]
libads/kerberos.c:create_local_private_krb5_conf_for_domain(950)
  create_local_private_krb5_conf_for_domain: rename of
/var/cache/samba/smb_tmp_krb5.NN4Peh to
/var/cache/samba/smb_krb5/krb5.conf.DPTINFO failed. Errno Operation not
permitted
LDAP server: 130....

 /var/cache/samba/smb_krb5/krb5.conf.DPTINFO belongs to root (and the content
is up to date)

Bug 6294 - Provided ntlogon script does only recognize primary user group
Bug#: 6294 Product:  Samba 3.2 Version: 3.2.5 Platform: All
OS/Version: Linux Status: NEW Severity: enhancement Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: kuhnla@comas.de QA Contact: samba-qa@samba.org
Component: Client tools Target Milestone: ---
URL: 
Summary: Provided ntlogon script does only recognize primary user group
Keywords:  
Opened: 2009-04-27 10:33 CST
Description:   Opened: 2009-04-27 10:33 CST
Hello Samba developers,

i found the ntlogon script very useful but had some difficulties to get it
working in a way one expects.

There are "Group" sections available in the config file and one expects, that
the script recognizes the groups a user belongs to and includes the appropriate
sections. But the python script does only include the group-section for the
primary user-group which is handed over with the "-g" argument. So I changed
the script and in my version it recognizes all the groups the user belongs to.
This way, the "-g" option is somewhat obsolete.

I woould like to suggest to include this version in the main distribution.

Kind regards

Markus

Here is the patch:
--- ntlogon.orig        2009-04-24 13:30:40.000000000 +0200
+++ ntlogon     2009-04-27 17:28:01.000000000 +0200
@@ -50,8 +50,7 @@

 # End configuration file

-usage: ntlogon [-g | --group=groupname] 
-               [-u | --user=username]
+usage: ntlogon [-u | --user=username]
                [-o | --os=osname]
                [-m | --machine=netbiosname]
                [-f | --templatefile=filename]
@@ -72,10 +71,24 @@
 import re
 import string
 import os
+import grp

-version = "ntlogon.py v0.8"
+version = "ntlogon.py v0.9"

-def buildScript(buf, sections, group, user, ostype, machine, debug, pause):
+def findusergroups(user):
+    """
+    Iterate through the group-database and find all groups the
+    user is a member of.
+    The list of groups is returned as a list.
+    """
+    groups=[]
+    for name,pwd,gid,members in grp.getgrall():
+        if user in members:
+            groups.append(name)
+    return groups
+
+
+def buildScript(buf, sections, user, ostype, machine, debug, pause):
     """
     buildScript() Takes the contents of the template file and builds
     a DOS batch file to be executed as an NT logon script. It does this
@@ -103,7 +116,6 @@
     # 
     macros = {
                        'U': user,
-                'G': group,
                 'a': ostype,
                 'm': machine
              }
@@ -111,6 +123,14 @@
     #
     # Process each section defined in the list sections
     #
+    if len(user) > 0:
+       grouplist=findusergroups(user)
+        groupre=r'('
+        for nextgroup in grouplist:
+            groupre=groupre+r'('+nextgroup+r')' + r'||'
+            
+        groupre=groupre[:-2] + r')' #remove the last '||'
+
     for s in sections:
         # print 'searching for: ' + s

@@ -127,7 +147,7 @@
             if s == 'Global':
                 hdrstring = '\[ *' + s + ' *\]'
             elif s == 'Group':
-                hdrstring = '\[ *' + s + ' *- *' + group + ' *\]'
+                hdrstring = '\[ *' + s + ' *- *' + groupre + ' *\]'
             elif s == 'User':
                 hdrstring = '\[ *' + s + ' *- *' + user + ' *\]'
             elif s == 'OS':
@@ -221,7 +241,8 @@
                         break   # if we have reached the end of the file
                                 # stop processing.

-            idx = idx + 1   # increment the line counter
+            else:
+                idx = idx + 1   # increment the line counter

         if debug:
             print ''
@@ -253,9 +274,8 @@
                                                     # configuration file 
                                                     # sections

-    options, args = getopt.getopt(sys.argv[1:], 'd:f:g:ho:u:m:v', 
+    options, args = getopt.getopt(sys.argv[1:], 'd:f:ho:u:m:v', 
                                  ['templatefile=', 
-                                  'group=',
                                   'help',
                                   'os=',
                                   'user=',
@@ -274,10 +294,6 @@
             configfile = i[1]
             # print 'configfile = ' + configfile

-        # define the group to be used
-        elif (i[0] == '-g') or (i[0] == '--group'):
-            group = i[1]
-            # print 'group = ' + group

         # define the os type
         elif (i[0] == '-o') or (i[0] == '--os'):
@@ -344,7 +360,7 @@
     #
     # call the script building routine
     #
-    script = buildScript(buf, sections, group, user, ostype, machine, debug,
pause)
+    script = buildScript(buf, sections, user, ostype, machine, debug, pause)

     #
     # write out the script file

------- Comment #1 From Guenther Deschner 2009-06-18 10:35:32 CST -------
Markus, can you please upload that patch as an attachment ?

------- Comment #2 From Markus Kuhnla 2009-06-18 10:55:09 CST -------
Created an attachment (id=4308) [details]
Patch for ntlogon python script

Sorry for not attaching the patch.

Bug 6334 - "net rpc vampire keytab" does not document all possible parameters in "net" manpage
Bug#: 6334 Product:  Samba 3.3 Version: 3.3.4 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-docs-qa@samba.org
Component: Docs Target Milestone: ---
URL: 
Summary: "net rpc vampire keytab" does not document all possible parameters in "net" manpage
Keywords:  
Opened: 2009-05-06 09:53 CST
Description:   Opened: 2009-05-06 09:53 CST
"net rpc vampire keytab" does not document all possible parameters in "net"
manpage

Bug 6345 - After "net sam vampire", BUILTIN groups do not work
Bug#: 6345 Product:  Samba 3.3 Version: 3.3.4 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: monyo@samba.gr.jp QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: After "net sam vampire", BUILTIN groups do not work
Keywords:  
Opened: 2009-05-09 14:40 CST
Description:   Opened: 2009-05-09 14:40 CST
After "net sam vampire", BUILTIN groups do not work.

They cannnot be seen by User Manager.

-----
# /usr/local/samba/bin/net rpc group members administrators -U root%password
Couldn't list alias members
-----

P.S.
(1) These errors are shown during "net sam vampire"

-----
Creating account: NT40WS1$^
usermod: user NT40WS1_ does not exist
[2009/05/09 02:59:58,  0] groupdb/mapping.c:smb_set_primary_group(312)
  smb_set_primary_group: Running the command `usermod -g 'Domain Users'
'NT40WS1
_'' gave 6
-----

(2) If I click a (normal) Local group, the message which means "The databse is
corrupted" is displayed.

------- Comment #1 From TAKAHASHI Motonobu 2009-05-09 14:48:24 CST -------
Created an attachment (id=4134) [details]
Level 10 log (compressed)

Level 10 log when running "net group member administrators" at 3:03:26 - 39

------- Comment #2 From TAKAHASHI Motonobu 2009-05-09 14:49:07 CST -------
Created an attachment (id=4135) [details]
Log for "net samdump" and "net vampire "

Bug 6347 - [samba] the printer espson takes a long time (> 5 minutes) to print a page
Bug#: 6347 Product:  Samba 3.3 Version: 3.3.4 Platform: All
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: riahi.raouf@gmail.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: [samba] the printer espson takes a long time (> 5 minutes) to print a page
Keywords:  
Opened: 2009-05-10 14:37 CST
Description:   Opened: 2009-05-10 14:37 CST
Hello, 

It has been several times that I try to use samba as a print server. 

But I still and always slow at the start of printing under Windows and also to
open the printer properties. 

However when I run a test page with CUPS, it prints on. The problem is
transferred to the top of the client to print server. 


Thank you

------- Comment #1 From Karolin Seeger 2009-05-19 04:21:27 CST -------
Please attach your configuration and a level 10 smbd log containing a printing
attempt. A network sniff (http://wiki.samba.org/index.php/Capture_Packets)
might help also.

Thanks!

Bug 6364 - Problems joining SLES10 machine running 3.3.4 to join a 2008 domain
Bug#: 6364 Product:  Samba 3.3 Version: 3.3.4 Platform: x64
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: alex.green@db.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Problems joining SLES10 machine running 3.3.4 to join a 2008 domain
Keywords:  
Opened: 2009-05-15 11:42 CST
Description:   Opened: 2009-05-15 11:42 CST
smbd -V : 3.3.4-0.1.146-2113-SUSE-CODE10 

Running:

net -d 3 -U admuser@DOM.REALM.CO.COM ads join
createcomputer="REG/CN/OU/Services/"

Error:

:1,/05/15 14:23:26,  5] lib/debug.c:debug_dump_status(407)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
    registry: False/0
[2009/05/15 14:23:26,  3] param/loadparm.c:lp_load_ex(8794)
  lp_load_ex: refreshing parameters
[2009/05/15 14:23:26,  3] param/loadparm.c:init_globals(4629)
  Initialising global parameters
[2009/05/15 14:23:26,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/05/15 14:23:26,  3] param/loadparm.c:do_section(7457)
  Processing section "[global]"
  doing parameter server string = HOST SuSE Samba Server
  doing parameter security = ADS
  doing parameter realm = DOM.REALM.CO.COM
  doing parameter netbios name = HOST
[2009/05/15 14:23:26,  4] param/loadparm.c:handle_netbios_name(6810)
  handle_netbios_name: set global_myname to: HOST
  doing parameter workgroup = DOM
  doing parameter local master = No
  doing parameter domain master = No
  doing parameter domain logons = No
  doing parameter use kerberos keytab = No
  doing parameter password server = DOM.REALM.CO.COM
  doing parameter encrypt passwords = Yes
  doing parameter dns proxy = No
  doing parameter client use spnego = Yes
  doing parameter client ntlmv2 auth = Yes
  doing parameter client lanman auth = No
  doing parameter client plaintext auth = No
  doing parameter use spnego = Yes
  doing parameter lanman auth = No
  doing parameter ntlm auth = No
  doing parameter disable netbios = Yes
  doing parameter client schannel = Auto
  doing parameter server schannel = Auto
  doing parameter client signing = Auto
  doing parameter server signing = Auto
  doing parameter winbind enum users = No
  doing parameter winbind enum groups = No
  doing parameter deadtime = 5
  doing parameter hostname lookups = Yes
  doing parameter hosts allow = localhost, 10.
  doing parameter hosts deny = ALL
  doing parameter interfaces = localhost, host-smb.uk.db.com
  doing parameter bind interfaces only = Yes
  doing parameter log level = 3
  doing parameter log file = /var/log/samba/log.samba
  doing parameter max log size = 9000
  doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY
  doing parameter nis homedir = No
  doing parameter hide dot files = Yes
  doing parameter include = /opt/samba/etc/smb.conf.standard
[2009/05/15 14:23:26,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file
"/opt/samba/etc/smb.conf.standard"
  doing parameter wide links = No
  doing parameter local master = No
  doing parameter domain master = No
  doing parameter preferred master = No
  doing parameter os level = 0
[2009/05/15 14:23:26,  4] param/loadparm.c:lp_load_ex(8838)
  pm_process() returned Yes
[2009/05/15 14:23:26,  7] param/loadparm.c:lp_servicenumber(9043)
  lp_servicenumber: couldn't find homes
[2009/05/15 14:23:26, 10] param/loadparm.c:set_server_role(8016)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS-2LE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS-2LE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-16LE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-16LE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS-2BE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS-2BE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-16BE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-16BE
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF8
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF8
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-8
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-8
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset ASCII
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset ASCII
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset 646
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset 646
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset ISO-8859-1
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset ISO-8859-1
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS2-HEX
[2009/05/15 14:23:26,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS2-HEX
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:26,  5] lib/util.c:init_names(269)
  Netbios name list:-
  my_netbios_names[0]="HOST"
[2009/05/15 14:23:26,  2] lib/interface.c:add_interface(340)
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2009/05/15 14:23:26,  2] lib/interface.c:add_interface(340)
  added interface eth0 ip=IPADRESS bcast=BCAST netmask=255.255.255.0
[2009/05/15 14:23:29,  1] libnet/libnet_join.c:libnet_Join(1871)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          in: struct libnet_JoinCtx
              dc_name                  : NULL
              machine_name             : 'HOST'
              domain_name              : *
                  domain_name              : 'DOM.REALM.CO.COM'
              account_ou               : 'REG/CN/OU/Services/'
              admin_account            : 'admuser@DOM.REALM.CO.COM'
              admin_password           : *
              machine_password         : NULL
              join_flags               : 0x00000023 (35)
                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
              os_version               : NULL
              os_name                  : NULL
              create_upn               : 0x00 (0)
              upn                      : NULL
              modify_config            : 0x00 (0)
              ads                      : NULL
              debug                    : 0x01 (1)
              use_kerberos             : 0x00 (0)
              secure_channel_type      : SEC_CHAN_WKSTA (2)
[2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:dsgetdcname(1167)
  dsgetdcname: domain_name: DOM.REALM.CO.COM, domain_guid: (null), site_name:
(null), flags: 0x40001011
[2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:debug_dsdcinfo_flags(46)
  debug_dsdcinfo_flags: 0x40001011
        DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED
DS_RETURN_DNS_NAME 
[2009/05/15 14:23:29,  5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/lib/samba/gencache.tdb
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value
= Default-First-Site-Name, timeout = Sun Feb  7 06:28:15 2106
[2009/05/15 14:23:29,  5] libads/dns.c:sitename_fetch(817)
  sitename_fetch: Returning sitename for DOM.REALM.CO.COM:
"Default-First-Site-Name"
[2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:dsgetdcname_rediscover(1080)
  dsgetdcname_rediscover
[2009/05/15 14:23:29,  4] libads/dns.c:ads_dns_lookup_srv(432)
  ads_dns_lookup_srv: 2 records returned in the answer section.
[2009/05/15 14:23:29, 10] libads/dns.c:ads_dns_parse_rr_srv(213)
  ads_dns_parse_rr_srv: Parsed dchost.dom.realm.co.com [0, 100, 389]
[2009/05/15 14:23:29, 10] libads/dns.c:ads_dns_parse_rr_srv(213)
  ads_dns_parse_rr_srv: Parsed esbadengwvm2.dom.realm.co.com [0, 100, 389]
[2009/05/15 14:23:29, 10] libsmb/dsgetdcname.c:process_dc_dns(894)
  LDAP ping to dchost.dom.realm.co.com
      &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
          command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
          sbz                      : 0x0000 (0)
          server_type              : 0x000011fc (4604)
                 0: NBT_SERVER_PDC           
                 1: NBT_SERVER_GC            
                 1: NBT_SERVER_LDAP          
                 1: NBT_SERVER_DS            
                 1: NBT_SERVER_KDC           
                 1: NBT_SERVER_TIMESERV      
                 1: NBT_SERVER_CLOSEST       
                 1: NBT_SERVER_WRITABLE      
                 0: NBT_SERVER_GOOD_TIMESERV 
                 0: NBT_SERVER_NDNC          
                 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
                 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
          domain_uuid              : 7edaa194-dc63-4f64-989e-10fbaa0a1c76
          forest                   : 'realm.co.com'
          dns_domain               : 'dom.realm.co.com'
          pdc_dns_name             : 'dchost.dom.realm.co.com'
          domain                   : 'DOM'
          pdc_name                 : 'DCHOST'
          user_name                : ''
          server_site              : 'Default-First-Site-Name'
          client_site              : 'Default-First-Site-Name'
          sockaddr_size            : 0x00 (0)
          sockaddr: struct nbt_sockaddr
              sockaddr_family          : 0x00000000 (0)
              pdc_ip                   : (null)
              remaining                : DATA_BLOB length=0
          next_closest_site        : NULL
          nt_version               : 0x00000005 (5)
                 1: NETLOGON_NT_VERSION_1    
                 0: NETLOGON_NT_VERSION_5    
                 1: NETLOGON_NT_VERSION_5EX  
                 0: NETLOGON_NT_VERSION_5EX_WITH_IP
                 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
                 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL
                 0: NETLOGON_NT_VERSION_PDC  
                 0: NETLOGON_NT_VERSION_IP   
                 0: NETLOGON_NT_VERSION_LOCAL
                 0: NETLOGON_NT_VERSION_GC   
          lmnt_token               : 0xffff (65535)
          lm20_token               : 0xffff (65535)
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set_data_blob(374)
  Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM; blob size = 155 and
timeout = Fri May 15 14:38:29 2009
  (900 seconds ahead)
[2009/05/15 14:23:29, 10] libads/dns.c:sitename_store(778)
  sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire =
[4294967295]
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value =
Default-First-Site-Name and timeout = (null) (-1242393810 seconds ahead)
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set_data_blob(374)
  Adding cache entry with key = DSGETDCNAME/DOMAIN/DOM.REALM.CO.COM; blob size
= 155 and timeout = Fri May 15 14:38:29 2009
  (900 seconds ahead)
[2009/05/15 14:23:29, 10] libads/dns.c:sitename_store(778)
  sitename_store: realm = [dom.realm.co.com], sitename =
[Default-First-Site-Name], expire = [4294967295]
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value =
Default-First-Site-Name and timeout = (null) (-1242393810 seconds ahead)
[2009/05/15 14:23:29,  3] libsmb/cliconnect.c:cli_start_connection(1649)
  Connecting to host=dchost.dom.realm.co.com
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208)
  Returning valid cache entry: key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM, value
= Default-First-Site-Name, timeout = Sun Feb  7 06:28:15 2106
[2009/05/15 14:23:29,  5] libads/dns.c:sitename_fetch(817)
  sitename_fetch: Returning sitename for DOM.REALM.CO.COM:
"Default-First-Site-Name"
[2009/05/15 14:23:29, 10] libsmb/namequery.c:internal_resolve_name(1505)
  internal_resolve_name: looking up dchost.dom.realm.co.com#20 (sitename
Default-First-Site-Name)
[2009/05/15 14:23:29, 10] lib/gencache.c:gencache_get(208)
  Returning valid cache entry: key = NBT/LONADENGWVM2.DOM.REALM.CO.COM#20,
value = 10.128.48.202:0, timeout = Fri May 15 14:33:58 2009
[2009/05/15 14:23:29,  5] libsmb/namecache.c:namecache_fetch(233)
  name dchost.dom.realm.co.com#20 found.
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/05/15 14:23:29,  3] lib/util_sock.c:open_socket_out(1400)
  Connecting to 10.128.48.202 at port 445
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_KEEPALIVE = 0
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_REUSEADDR = 0
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_BROADCAST = 0
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option TCP_NODELAY = 1
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option TCP_KEEPCNT = 9
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option TCP_KEEPIDLE = 7200
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option TCP_KEEPINTVL = 75
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option IPTOS_LOWDELAY = 16
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option IPTOS_THROUGHPUT = 16
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_SNDBUF = 16384
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_RCVBUF = 87380
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_SNDLOWAT = 1
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_RCVLOWAT = 1
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_SNDTIMEO = 0
[2009/05/15 14:23:30,  5] lib/util_sock.c:print_socket_options(781)
  socket option SO_RCVTIMEO = 0
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,194)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,194) wrote 194
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 193
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=193
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=927
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]=    9 (0x9)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=  499 (0x1F3)
  smb_vwv[11]=31616 (0x7B80)
  smb_vwv[12]=15008 (0x3AA0)
  smb_vwv[13]=24678 (0x6066)
  smb_vwv[14]=51669 (0xC9D5)
  smb_vwv[15]=50177 (0xC401)
  smb_vwv[16]=  255 (0xFF)
  smb_bcc=124
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 96 61 A9 DE 8D 94 C8 41  88 11 B5 6D 9C DE F6 4E  .a.....A ...m...N
  [010] 60 6A 06 06 2B 06 01 05  05 02 A0 60 30 5E A0 30  `j..+... ...`0^.0
  [020] 30 2E 06 09 2A 86 48 82  F7 12 01 02 02 06 09 2A  0...*.H. .......*
  [030] 86 48 86 F7 12 01 02 02  06 0A 2A 86 48 86 F7 12  .H...... ..*.H...
  [040] 01 02 02 03 06 0A 2B 06  01 04 01 82 37 02 02 0A  ......+. ....7...
  [050] A3 2A 30 28 A0 26 1B 24  6E 6F 74 5F 64 65 66 69  .*0(.&.$ not_defi
  [060] 6E 65 64 5F 69 6E 5F 52  46 43 34 31 37 38 40 70  ned_in_R FC4178@p
  [070] 6C 65 61 73 65 5F 69 67  6E 6F 72 65              lease_ig nore
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=193
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51201
  smb_tid=0
  smb_pid=927
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]=    9 (0x9)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=  499 (0x1F3)
  smb_vwv[11]=31616 (0x7B80)
  smb_vwv[12]=15008 (0x3AA0)
  smb_vwv[13]=24678 (0x6066)
  smb_vwv[14]=51669 (0xC9D5)
  smb_vwv[15]=50177 (0xC401)
  smb_vwv[16]=  255 (0xFF)
  smb_bcc=124
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 96 61 A9 DE 8D 94 C8 41  88 11 B5 6D 9C DE F6 4E  .a.....A ...m...N
  [010] 60 6A 06 06 2B 06 01 05  05 02 A0 60 30 5E A0 30  `j..+... ...`0^.0
  [020] 30 2E 06 09 2A 86 48 82  F7 12 01 02 02 06 09 2A  0...*.H. .......*
  [030] 86 48 86 F7 12 01 02 02  06 0A 2A 86 48 86 F7 12  .H...... ..*.H...
  [040] 01 02 02 03 06 0A 2B 06  01 04 01 82 37 02 02 0A  ......+. ....7...
  [050] A3 2A 30 28 A0 26 1B 24  6E 6F 74 5F 64 65 66 69  .*0(.&.$ not_defi
  [060] 6E 65 64 5F 69 6E 5F 52  46 43 34 31 37 38 40 70  ned_in_R FC4178@p
  [070] 6C 65 61 73 65 5F 69 67  6E 6F 72 65              lease_ig nore
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=124)
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/05/15 14:23:30,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=not_defined_in_RFC4178@please_ignore
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,166)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,166) wrote 166
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 588
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=588
  smb_com=0x73
  smb_rcls=22
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=927
  smb_uid=2050
  smb_mid=2
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  588 (0x24C)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=  293 (0x125)
  smb_bcc=545
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] A1 82 01 21 30 82 01 1D  A0 03 0A 01 01 A1 0C 06  ...!0... ........
  [010] 0A 2B 06 01 04 01 82 37  02 02 0A A2 82 01 06 04  .+.....7 ........
  [020] 82 01 02 4E 54 4C 4D 53  53 50 00 02 00 00 00 0A  ...NTLMS SP......
  [030] 00 0A 00 38 00 00 00 15  82 89 62 34 57 BA 47 B5  ...8.... ..b4W.G.
  [040] 3B 6A BA 00 00 00 00 00  00 00 00 C0 00 C0 00 42  ;j...... .......B
  [050] 00 00 00 06 00 71 17 00  00 00 0F 5A 00 57 00 44  .....q.. ...Z.W.D
  [060] 00 42 00 47 00 02 00 0A  00 5A 00 57 00 44 00 42  .B.G.... .Z.W.D.B
  [070] 00 47 00 01 00 18 00 4C  00 4F 00 4E 00 41 00 44  .G.....L .O.N.A.D
  [080] 00 45 00 4E 00 47 00 57  00 56 00 4D 00 32 00 04  .E.N.G.W .V.M.2..
  [090] 00 24 00 7A 00 77 00 64  00 62 00 67 00 2E 00 7A  .$.z.w.d .b.g...z
  [0A0] 00 77 00 61 00 64 00 73  00 2E 00 64 00 62 00 2E  .w.a.d.s ...d.b..
  [0B0] 00 63 00 6F 00 6D 00 03  00 3E 00 6C 00 6F 00 6E  .c.o.m.. .>.l.o.n
  [0C0] 00 61 00 64 00 65 00 6E  00 67 00 77 00 76 00 6D  .a.d.e.n .g.w.v.m
  [0D0] 00 32 00 2E 00 7A 00 77  00 64 00 62 00 67 00 2E  .2...z.w .d.b.g..
  [0E0] 00 7A 00 77 00 61 00 64  00 73 00 2E 00 64 00 62  .z.w.a.d .s...d.b
  [0F0] 00 2E 00 63 00 6F 00 6D  00 05 00 18 00 7A 00 77  ...c.o.m .....z.w
  [100] 00 61 00 64 00 73 00 2E  00 64 00 62 00 2E 00 63  .a.d.s.. .d.b...c
  [110] 00 6F 00 6D 00 07 00 08  00 D4 02 3D 66 60 D5 C9  .o.m.... ...=f`..
  [120] 01 00 00 00 00 57 00 69  00 6E 00 64 00 6F 00 77  .....W.i .n.d.o.w
  [130] 00 73 00 20 00 53 00 65  00 72 00 76 00 65 00 72  .s. .S.e .r.v.e.r
  [140] 00 20 00 28 00 52 00 29  00 20 00 32 00 30 00 30  . .(.R.) . .2.0.0
  [150] 00 38 00 20 00 45 00 6E  00 74 00 65 00 72 00 70  .8. .E.n .t.e.r.p
  [160] 00 72 00 69 00 73 00 65  00 20 00 77 00 69 00 74  .r.i.s.e . .w.i.t
  [170] 00 68 00 6F 00 75 00 74  00 20 00 48 00 79 00 70  .h.o.u.t . .H.y.p
  [180] 00 65 00 72 00 2D 00 56  00 20 00 36 00 30 00 30  .e.r.-.V . .6.0.0
  [190] 00 31 00 20 00 53 00 65  00 72 00 76 00 69 00 63  .1. .S.e .r.v.i.c
  [1A0] 00 65 00 20 00 50 00 61  00 63 00 6B 00 20 00 31  .e. .P.a .c.k. .1
  [1B0] 00 00 00 57 00 69 00 6E  00 64 00 6F 00 77 00 73  ...W.i.n .d.o.w.s
  [1C0] 00 20 00 53 00 65 00 72  00 76 00 65 00 72 00 20  . .S.e.r .v.e.r. 
  [1D0] 00 28 00 52 00 29 00 20  00 32 00 30 00 30 00 38  .(.R.).  .2.0.0.8
  [1E0] 00 20 00 45 00 6E 00 74  00 65 00 72 00 70 00 72  . .E.n.t .e.r.p.r
  [1F0] 00 69 00 73 00 65 00 20  00 77 00 69 00 74 00 68  .i.s.e.  .w.i.t.h
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=588
  smb_com=0x73
  smb_rcls=22
  smb_reh=0
  smb_err=49152
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=927
  smb_uid=2050
  smb_mid=2
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  588 (0x24C)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=  293 (0x125)
  smb_bcc=545
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] A1 82 01 21 30 82 01 1D  A0 03 0A 01 01 A1 0C 06  ...!0... ........
  [010] 0A 2B 06 01 04 01 82 37  02 02 0A A2 82 01 06 04  .+.....7 ........
  [020] 82 01 02 4E 54 4C 4D 53  53 50 00 02 00 00 00 0A  ...NTLMS SP......
  [030] 00 0A 00 38 00 00 00 15  82 89 62 34 57 BA 47 B5  ...8.... ..b4W.G.
  [040] 3B 6A BA 00 00 00 00 00  00 00 00 C0 00 C0 00 42  ;j...... .......B
  [050] 00 00 00 06 00 71 17 00  00 00 0F 5A 00 57 00 44  .....q.. ...Z.W.D
  [060] 00 42 00 47 00 02 00 0A  00 5A 00 57 00 44 00 42  .B.G.... .Z.W.D.B
  [070] 00 47 00 01 00 18 00 4C  00 4F 00 4E 00 41 00 44  .G.....L .O.N.A.D
  [080] 00 45 00 4E 00 47 00 57  00 56 00 4D 00 32 00 04  .E.N.G.W .V.M.2..
  [090] 00 24 00 7A 00 77 00 64  00 62 00 67 00 2E 00 7A  .$.z.w.d .b.g...z
  [0A0] 00 77 00 61 00 64 00 73  00 2E 00 64 00 62 00 2E  .w.a.d.s ...d.b..
  [0B0] 00 63 00 6F 00 6D 00 03  00 3E 00 6C 00 6F 00 6E  .c.o.m.. .>.l.o.n
  [0C0] 00 61 00 64 00 65 00 6E  00 67 00 77 00 76 00 6D  .a.d.e.n .g.w.v.m
  [0D0] 00 32 00 2E 00 7A 00 77  00 64 00 62 00 67 00 2E  .2...z.w .d.b.g..
  [0E0] 00 7A 00 77 00 61 00 64  00 73 00 2E 00 64 00 62  .z.w.a.d .s...d.b
  [0F0] 00 2E 00 63 00 6F 00 6D  00 05 00 18 00 7A 00 77  ...c.o.m .....z.w
  [100] 00 61 00 64 00 73 00 2E  00 64 00 62 00 2E 00 63  .a.d.s.. .d.b...c
  [110] 00 6F 00 6D 00 07 00 08  00 D4 02 3D 66 60 D5 C9  .o.m.... ...=f`..
  [120] 01 00 00 00 00 57 00 69  00 6E 00 64 00 6F 00 77  .....W.i .n.d.o.w
  [130] 00 73 00 20 00 53 00 65  00 72 00 76 00 65 00 72  .s. .S.e .r.v.e.r
  [140] 00 20 00 28 00 52 00 29  00 20 00 32 00 30 00 30  . .(.R.) . .2.0.0
  [150] 00 38 00 20 00 45 00 6E  00 74 00 65 00 72 00 70  .8. .E.n .t.e.r.p
  [160] 00 72 00 69 00 73 00 65  00 20 00 77 00 69 00 74  .r.i.s.e . .w.i.t
  [170] 00 68 00 6F 00 75 00 74  00 20 00 48 00 79 00 70  .h.o.u.t . .H.y.p
  [180] 00 65 00 72 00 2D 00 56  00 20 00 36 00 30 00 30  .e.r.-.V . .6.0.0
  [190] 00 31 00 20 00 53 00 65  00 72 00 76 00 69 00 63  .1. .S.e .r.v.i.c
  [1A0] 00 65 00 20 00 50 00 61  00 63 00 6B 00 20 00 31  .e. .P.a .c.k. .1
  [1B0] 00 00 00 57 00 69 00 6E  00 64 00 6F 00 77 00 73  ...W.i.n .d.o.w.s
  [1C0] 00 20 00 53 00 65 00 72  00 76 00 65 00 72 00 20  . .S.e.r .v.e.r. 
  [1D0] 00 28 00 52 00 29 00 20  00 32 00 30 00 30 00 38  .(.R.).  .2.0.0.8
  [1E0] 00 20 00 45 00 6E 00 74  00 65 00 72 00 70 00 72  . .E.n.t .e.r.p.r
  [1F0] 00 69 00 73 00 65 00 20  00 77 00 69 00 74 00 68  .i.s.e.  .w.i.t.h
[2009/05/15 14:23:30,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
  Got challenge flags:
[2009/05/15 14:23:30,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/05/15 14:23:30,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
  NTLMSSP: Set final flags:
[2009/05/15 14:23:30,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/05/15 14:23:30,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/05/15 14:23:30,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,478)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,478) wrote 478
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 304
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=304
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=927
  smb_uid=2050
  smb_mid=3
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  304 (0x130)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    9 (0x9)
  smb_bcc=261
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] A1 07 30 05 A0 03 0A 01  00 57 00 69 00 6E 00 64  ..0..... .W.i.n.d
  [010] 00 6F 00 77 00 73 00 20  00 53 00 65 00 72 00 76  .o.w.s.  .S.e.r.v
  [020] 00 65 00 72 00 20 00 28  00 52 00 29 00 20 00 32  .e.r. .( .R.). .2
  [030] 00 30 00 30 00 38 00 20  00 45 00 6E 00 74 00 65  .0.0.8.  .E.n.t.e
  [040] 00 72 00 70 00 72 00 69  00 73 00 65 00 20 00 77  .r.p.r.i .s.e. .w
  [050] 00 69 00 74 00 68 00 6F  00 75 00 74 00 20 00 48  .i.t.h.o .u.t. .H
  [060] 00 79 00 70 00 65 00 72  00 2D 00 56 00 20 00 36  .y.p.e.r .-.V. .6
  [070] 00 30 00 30 00 31 00 20  00 53 00 65 00 72 00 76  .0.0.1.  .S.e.r.v
  [080] 00 69 00 63 00 65 00 20  00 50 00 61 00 63 00 6B  .i.c.e.  .P.a.c.k
  [090] 00 20 00 31 00 00 00 57  00 69 00 6E 00 64 00 6F  . .1...W .i.n.d.o
  [0A0] 00 77 00 73 00 20 00 53  00 65 00 72 00 76 00 65  .w.s. .S .e.r.v.e
  [0B0] 00 72 00 20 00 28 00 52  00 29 00 20 00 32 00 30  .r. .(.R .). .2.0
  [0C0] 00 30 00 38 00 20 00 45  00 6E 00 74 00 65 00 72  .0.8. .E .n.t.e.r
  [0D0] 00 70 00 72 00 69 00 73  00 65 00 20 00 77 00 69  .p.r.i.s .e. .w.i
  [0E0] 00 74 00 68 00 6F 00 75  00 74 00 20 00 48 00 79  .t.h.o.u .t. .H.y
  [0F0] 00 70 00 65 00 72 00 2D  00 56 00 20 00 36 00 2E  .p.e.r.- .V. .6..
  [100] 00 30 00 00 00                                    .0... 
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=304
  smb_com=0x73
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=0
  smb_pid=927
  smb_uid=2050
  smb_mid=3
  smt_wct=4
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  304 (0x130)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    9 (0x9)
  smb_bcc=261
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] A1 07 30 05 A0 03 0A 01  00 57 00 69 00 6E 00 64  ..0..... .W.i.n.d
  [010] 00 6F 00 77 00 73 00 20  00 53 00 65 00 72 00 76  .o.w.s.  .S.e.r.v
  [020] 00 65 00 72 00 20 00 28  00 52 00 29 00 20 00 32  .e.r. .( .R.). .2
  [030] 00 30 00 30 00 38 00 20  00 45 00 6E 00 74 00 65  .0.0.8.  .E.n.t.e
  [040] 00 72 00 70 00 72 00 69  00 73 00 65 00 20 00 77  .r.p.r.i .s.e. .w
  [050] 00 69 00 74 00 68 00 6F  00 75 00 74 00 20 00 48  .i.t.h.o .u.t. .H
  [060] 00 79 00 70 00 65 00 72  00 2D 00 56 00 20 00 36  .y.p.e.r .-.V. .6
  [070] 00 30 00 30 00 31 00 20  00 53 00 65 00 72 00 76  .0.0.1.  .S.e.r.v
  [080] 00 69 00 63 00 65 00 20  00 50 00 61 00 63 00 6B  .i.c.e.  .P.a.c.k
  [090] 00 20 00 31 00 00 00 57  00 69 00 6E 00 64 00 6F  . .1...W .i.n.d.o
  [0A0] 00 77 00 73 00 20 00 53  00 65 00 72 00 76 00 65  .w.s. .S .e.r.v.e
  [0B0] 00 72 00 20 00 28 00 52  00 29 00 20 00 32 00 30  .r. .(.R .). .2.0
  [0C0] 00 30 00 38 00 20 00 45  00 6E 00 74 00 65 00 72  .0.8. .E .n.t.e.r
  [0D0] 00 70 00 72 00 69 00 73  00 65 00 20 00 77 00 69  .p.r.i.s .e. .w.i
  [0E0] 00 74 00 68 00 6F 00 75  00 74 00 20 00 48 00 79  .t.h.o.u .t. .H.y
  [0F0] 00 70 00 65 00 72 00 2D  00 56 00 20 00 36 00 2E  .p.e.r.- .V. .6..
  [100] 00 30 00 00 00                                    .0... 
[2009/05/15 14:23:30,  5] libsmb/smb_signing.c:set_smb_signing_real_common(144)
  SMB signing enabled!
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:cli_simple_set_signing(494)
  cli_simple_set_signing: user_session_key
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] AC B5 20 7C B5 01 03 FA  62 DF AA 34 32 46 FB 25  .. |.... b..42F.%
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:cli_simple_set_signing(502)
  cli_simple_set_signing: NULL response_data
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 0
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] FD FA A5 59 E7 EA 02 4A                           ...Y...J 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 1 mid = 3
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 1 mid = 3
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 1
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 1: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] A2 AE 14 B6 AA A0 8F FD                           ........ 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] C6 51 EF 80 8D EE C3 EE                           .Q...... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 3 mid = 4
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,130)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,130) wrote 130
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 56
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=56
  smb_com=0x75
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=4
  smt_wct=7
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=   56 (0x38)
  smb_vwv[ 2]=    1 (0x1)
  smb_vwv[ 3]=  511 (0x1FF)
  smb_vwv[ 4]=   31 (0x1F)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_bcc=7
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 49 50 43 00 00 00 00                              IPC.... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 3 mid = 4
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 3
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 3: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] E5 9C 28 F8 3E 4B 4C DA                           ..(.>KL. 
[2009/05/15 14:23:30, 10] libsmb/clientgen.c:cli_init_creds(415)
  cli_init_creds: user admuser@DOM.REALM.CO.COM domain 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 23 3D F0 D5 9E 30 22 6C                           #=...0"l 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 5 mid = 5
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,104)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,104) wrote 104
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 103
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=103
  smb_com=0xa2
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=5
  smt_wct=34
  smb_vwv[ 0]=  255 (0xFF)
  smb_vwv[ 1]=  103 (0x67)
  smb_vwv[ 2]=  768 (0x300)
  smb_vwv[ 3]=  320 (0x140)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=    0 (0x0)
  smb_vwv[11]=    0 (0x0)
  smb_vwv[12]=    0 (0x0)
  smb_vwv[13]=    0 (0x0)
  smb_vwv[14]=    0 (0x0)
  smb_vwv[15]=    0 (0x0)
  smb_vwv[16]=    0 (0x0)
  smb_vwv[17]=    0 (0x0)
  smb_vwv[18]=    0 (0x0)
  smb_vwv[19]=    0 (0x0)
  smb_vwv[20]=    0 (0x0)
  smb_vwv[21]=32768 (0x8000)
  smb_vwv[22]=    0 (0x0)
  smb_vwv[23]=    0 (0x0)
  smb_vwv[24]=   16 (0x10)
  smb_vwv[25]=    0 (0x0)
  smb_vwv[26]=    0 (0x0)
  smb_vwv[27]=    0 (0x0)
  smb_vwv[28]=    0 (0x0)
  smb_vwv[29]=    0 (0x0)
  smb_vwv[30]=    0 (0x0)
  smb_vwv[31]=  512 (0x200)
  smb_vwv[32]=65280 (0xFF00)
  smb_vwv[33]=    5 (0x5)
  smb_bcc=0
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 5 mid = 5
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 5
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 5: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 1C 76 F3 5F F5 B0 2F 76                           .v._../v 
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:rpc_pipe_bind(2201)
  Bind RPC Pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
auth_type 0, auth_level 0
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr hdr
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 0b
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0048
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000001
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_rb 
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000010 smb_io_rpc_hdr_bba 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          0010 max_tsize: 10b8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          0012 max_rsize: 10b8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
          0014 assoc_gid: 00000000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0018 num_contexts: 01
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      001c context_id  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      001e num_transfer_syntaxes: 01
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      00001f smb_io_rpc_iface 
[2009/05/15 14:23:30,  7] rpc_parse/parse_prs.c:prs_debug(88)
          000020 smb_io_uuid uuid
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
              0020 data   : 12345778
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              0024 data   : 1234
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              0026 data   : abcd
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              0028 data   : ef 00 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              002a data   : 01 23 45 67 89 ab 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
          0030 version: 00000000
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000034 smb_io_rpc_iface 
[2009/05/15 14:23:30,  7] rpc_parse/parse_prs.c:prs_debug(88)
          000034 smb_io_uuid uuid
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
              0034 data   : 8a885d04
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              0038 data   : 1ceb
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              003a data   : 11c9
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              003c data   : 9f e8 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              003e data   : 08 00 2b 10 48 60 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
          0044 version: 00000002
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:rpc_api_pipe(886)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=154
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=6
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   72 (0x48)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=   82 (0x52)
  smb_vwv[11]=   72 (0x48)
  smb_vwv[12]=   82 (0x52)
  smb_vwv[13]=    2 (0x2)
  smb_vwv[14]=   38 (0x26)
  smb_vwv[15]=16387 (0x4003)
  smb_bcc=87
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 0B 03 10 00 00 00 48  00 00 00 01 00 00 00 B8  .......H ........
  [020] 10 B8 10 00 00 00 00 01  00 00 00 00 00 01 00 78  ........ .......x
  [030] 57 34 12 34 12 CD AB EF  00 01 23 45 67 89 AB 00  W4.4.... ..#Eg...
  [040] 00 00 00 04 5D 88 8A EB  1C C9 11 9F E8 08 00 2B  ....]... .......+
  [050] 10 48 60 02 00 00 00                              .H`.... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 6
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 9A B3 DF 94 69 3C B4 5A                           ....i<.Z 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 7 mid = 6
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,158)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,158) wrote 158
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 124
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=6
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=69
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  ........ .D......
  [010] 00 B8 10 B8 10 2E 65 01  00 0C 00 5C 70 69 70 65  ......e. ...\pipe
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 7 mid = 6
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 7
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 7: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] B9 49 DB B1 D9 AC BC 56                           .I.....V 
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=124
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=6
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)

------- Comment #1 From Alex Green 2009-05-15 11:42:57 CST -------
  smb_vwv[ 6]=   68 (0x44)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=69
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 0C 03 10 00 00  00 44 00 00 00 01 00 00  ........ .D......
  [010] 00 B8 10 B8 10 2E 65 01  00 0C 00 5C 70 69 70 65  ......e. ...\pipe
  [020] 5C 6C 73 61 73 73 00 00  00 01 00 00 00 00 00 00  \lsass.. ........
  [030] 00 04 5D 88 8A EB 1C C9  11 9F E8 08 00 2B 10 48  ..]..... .....+.H
  [040] 60 02 00 00 00                                    `.... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 7 mid = 6
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr rpc_hdr   
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 0c
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0044
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000001
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998)
  rpc_api_pipe: got PDU len of 68 at offset 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
returned 68 bytes.
[2009/05/15 14:23:30,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
  rpc_pipe_bind: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003 bind
request returned ok.
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr hdr
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 0c
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0044
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000001
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_ba 
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000010 smb_io_rpc_hdr_bba 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          0010 max_tsize: 10b8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          0012 max_rsize: 10b8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
          0014 assoc_gid: 0001652e
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000018 smb_io_rpc_addr_str 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          0018 len: 000c
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
          001a str: \pipe\lsass.
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000026 smb_io_rpc_results 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
          0028 num_results: 01
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          002c result     : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
          002e reason     : 0000
[2009/05/15 14:23:30,  6] rpc_parse/parse_prs.c:prs_debug(88)
      000030 smb_io_rpc_iface 
[2009/05/15 14:23:30,  7] rpc_parse/parse_prs.c:prs_debug(88)
          000030 smb_io_uuid uuid
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
              0030 data   : 8a885d04
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              0034 data   : 1ceb
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
              0036 data   : 11c9
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              0038 data   : 9f e8 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8s(865)
              003a data   : 08 00 2b 10 48 60 
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
          0040 version: 00000002
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:check_bind_response(1845)
  check_bind_response: accepted!
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:cli_rpc_pipe_open_noauth(3011)
  cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine
dchost.dom.realm.co.com and bound anonymously.
[2009/05/15 14:23:30,  5] rpc_client/init_lsa.c:init_lsa_sec_qos(70)
  init_lsa_sec_qos
[2009/05/15 14:23:30,  5] rpc_client/init_lsa.c:init_lsa_obj_attr(90)
  init_lsa_obj_attr
      lsa_OpenPolicy: struct lsa_OpenPolicy
          in: struct lsa_OpenPolicy
              system_name              : *
                  system_name              : 0x005c (92)
              attr                     : *
                  attr: struct lsa_ObjectAttribute
                      len                      : 0x00000018 (24)
                      root_dir                 : NULL
                      object_name              : NULL
                      attributes               : 0x00000000 (0)
                      sec_desc                 : NULL
                      sec_qos                  : *
                          sec_qos: struct lsa_QosInfo
                              len                      : 0x0000000c (12)
                              impersonation_level      : 0x0002 (2)
                              context_mode             : 0x01 (1)
                              effective_only           : 0x00 (0)
              access_mask              : 0x02000000 (33554432)
                     0: LSA_POLICY_VIEW_LOCAL_INFORMATION
                     0: LSA_POLICY_VIEW_AUDIT_INFORMATION
                     0: LSA_POLICY_GET_PRIVATE_INFORMATION
                     0: LSA_POLICY_TRUST_ADMIN   
                     0: LSA_POLICY_CREATE_ACCOUNT
                     0: LSA_POLICY_CREATE_SECRET 
                     0: LSA_POLICY_CREATE_PRIVILEGE
                     0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
                     0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
                     0: LSA_POLICY_AUDIT_LOG_ADMIN
                     0: LSA_POLICY_SERVER_ADMIN  
                     0: LSA_POLICY_LOOKUP_NAMES  
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr hdr    
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0044
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000002
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_req hdr_req
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 0000002c
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0016 opnum     : 0006
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:rpc_api_pipe(886)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=150
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=7
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   68 (0x44)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=   82 (0x52)
  smb_vwv[11]=   68 (0x44)
  smb_vwv[12]=   82 (0x52)
  smb_vwv[13]=    2 (0x2)
  smb_vwv[14]=   38 (0x26)
  smb_vwv[15]=16387 (0x4003)
  smb_bcc=83
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 44  00 00 00 02 00 00 00 2C  .......D .......,
  [020] 00 00 00 00 00 06 00 00  00 02 00 5C 00 00 00 18  ........ ...\....
  [030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [040] 00 00 00 04 00 02 00 0C  00 00 00 02 00 01 00 00  ........ ........
  [050] 00 00 02                                          ... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 8
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] E8 CD FC 31 6E 62 A3 AE                           ...1nb.. 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 9 mid = 7
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,154)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,154) wrote 154
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 104
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=7
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=49
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 C0 F1 DB  ........ ........
  [020] E0 86 07 65 48 A7 BF F3  76 6C DF D8 19 00 00 00  ...eH... vl......
  [030] 00                                                . 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 9 mid = 7
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 9
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 9: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] DC 41 B5 F1 A9 E4 A2 7C                           .A.....| 
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=7
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=49
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 02 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 C0 F1 DB  ........ ........
  [020] E0 86 07 65 48 A7 BF F3  76 6C DF D8 19 00 00 00  ...eH... vl......
  [030] 00                                                . 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 9 mid = 7
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr rpc_hdr   
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 02
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0030
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000002
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 00000018
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0016 cancel_ct : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0017 reserved  : 00
[2009/05/15 14:23:30, 10]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711)
  cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998)
  rpc_api_pipe: got PDU len of 48 at offset 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
returned 48 bytes.
      lsa_OpenPolicy: struct lsa_OpenPolicy
          out: struct lsa_OpenPolicy
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     :
e0dbf1c0-0786-4865-a7bf-f3766cdfd819
              result                   : NT_STATUS_OK
      lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
          in: struct lsa_QueryInfoPolicy2
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     :
e0dbf1c0-0786-4865-a7bf-f3766cdfd819
              level                    : LSA_POLICY_INFO_DNS (12)
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr hdr    
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 002e
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000003
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_req hdr_req
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 00000016
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0016 opnum     : 002e
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:rpc_api_pipe(886)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=128
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=8
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   46 (0x2E)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=   82 (0x52)
  smb_vwv[11]=   46 (0x2E)
  smb_vwv[12]=   82 (0x52)
  smb_vwv[13]=    2 (0x2)
  smb_vwv[14]=   38 (0x26)
  smb_vwv[15]=16387 (0x4003)
  smb_bcc=61
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 2E  00 00 00 03 00 00 00 16  ........ ........
  [020] 00 00 00 00 00 2E 00 00  00 00 00 C0 F1 DB E0 86  ........ ........
  [030] 07 65 48 A7 BF F3 76 6C  DF D8 19 0C 00           .eH...vl .....
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 10
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 48 D1 35 07 F3 CA F3 26                           H.5....& 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 11 mid = 8
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,132)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,132) wrote 132
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 272
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=272
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=8
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  216 (0xD8)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  216 (0xD8)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=217
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 D8 00 00 00 03 00 00  ........ ........
  [010] 00 C0 00 00 00 00 00 00  00 00 00 02 00 0C 00 00  ........ ........
  [020] 00 0A 00 0C 00 04 00 02  00 24 00 26 00 08 00 02  ........ .$.&....
  [030] 00 18 00 1A 00 0C 00 02  00 94 A1 DA 7E 63 DC 64  ........ ....~c.d
  [040] 4F 98 9E 10 FB AA 0A 1C  76 10 00 02 00 06 00 00  O....... v.......
  [050] 00 00 00 00 00 05 00 00  00 5A 00 57 00 44 00 42  ........ .Z.W.D.B
  [060] 00 47 00 00 00 13 00 00  00 00 00 00 00 12 00 00  .G...... ........
  [070] 00 7A 00 77 00 64 00 62  00 67 00 2E 00 7A 00 77  .z.w.d.b .g...z.w
  [080] 00 61 00 64 00 73 00 2E  00 64 00 62 00 2E 00 63  .a.d.s.. .d.b...c
  [090] 00 6F 00 6D 00 0D 00 00  00 00 00 00 00 0C 00 00  .o.m.... ........
  [0A0] 00 7A 00 77 00 61 00 64  00 73 00 2E 00 64 00 62  .z.w.a.d .s...d.b
  [0B0] 00 2E 00 63 00 6F 00 6D  00 04 00 00 00 01 04 00  ...c.o.m ........
  [0C0] 00 00 00 00 05 15 00 00  00 36 89 AE 48 D5 01 B6  ........ .6..H...
  [0D0] 69 5E 05 C3 2F 00 00 00  00                       i^../... .
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 11 mid = 8
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 11
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 11: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 73 C3 0A AB 3C CD 7D C0                           s...<.}. 
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=272
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=8
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=  216 (0xD8)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  216 (0xD8)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=217
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 D8 00 00 00 03 00 00  ........ ........
  [010] 00 C0 00 00 00 00 00 00  00 00 00 02 00 0C 00 00  ........ ........
  [020] 00 0A 00 0C 00 04 00 02  00 24 00 26 00 08 00 02  ........ .$.&....
  [030] 00 18 00 1A 00 0C 00 02  00 94 A1 DA 7E 63 DC 64  ........ ....~c.d
  [040] 4F 98 9E 10 FB AA 0A 1C  76 10 00 02 00 06 00 00  O....... v.......
  [050] 00 00 00 00 00 05 00 00  00 5A 00 57 00 44 00 42  ........ .Z.W.D.B
  [060] 00 47 00 00 00 13 00 00  00 00 00 00 00 12 00 00  .G...... ........
  [070] 00 7A 00 77 00 64 00 62  00 67 00 2E 00 7A 00 77  .z.w.d.b .g...z.w
  [080] 00 61 00 64 00 73 00 2E  00 64 00 62 00 2E 00 63  .a.d.s.. .d.b...c
  [090] 00 6F 00 6D 00 0D 00 00  00 00 00 00 00 0C 00 00  .o.m.... ........
  [0A0] 00 7A 00 77 00 61 00 64  00 73 00 2E 00 64 00 62  .z.w.a.d .s...d.b
  [0B0] 00 2E 00 63 00 6F 00 6D  00 04 00 00 00 01 04 00  ...c.o.m ........
  [0C0] 00 00 00 00 05 15 00 00  00 36 89 AE 48 D5 01 B6  ........ .6..H...
  [0D0] 69 5E 05 C3 2F 00 00 00  00                       i^../... .
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 11 mid = 8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr rpc_hdr   
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 02
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 00d8
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000003
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 000000c0
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0016 cancel_ct : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0017 reserved  : 00
[2009/05/15 14:23:30, 10]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711)
  cli_pipe_validate_current_pdu: got pdu len 216, data_len 192, ss_len 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998)
  rpc_api_pipe: got PDU len of 216 at offset 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
returned 384 bytes.
      lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
          out: struct lsa_QueryInfoPolicy2
              info                     : *
                  info                     : *
                      info                     : union
lsa_PolicyInformation(case 12)
                      dns: struct lsa_DnsDomainInfo
                          name: struct lsa_StringLarge
                              length                   : 0x000a (10)
                              size                     : 0x000c (12)
                              string                   : *
                                  string                   : 'DOM'
                          dns_domain: struct lsa_StringLarge
                              length                   : 0x0024 (36)
                              size                     : 0x0026 (38)
                              string                   : *
                                  string                   : 'dom.realm.co.com'
                          dns_forest: struct lsa_StringLarge
                              length                   : 0x0018 (24)
                              size                     : 0x001a (26)
                              string                   : *
                                  string                   : 'realm.co.com'
                          domain_guid              :
7edaa194-dc63-4f64-989e-10fbaa0a1c76
                          sid                      : *
                              sid                      :
S-1-5-21-1219397942-1773535701-801310046
              result                   : NT_STATUS_OK
      lsa_Close: struct lsa_Close
          in: struct lsa_Close
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     :
e0dbf1c0-0786-4865-a7bf-f3766cdfd819
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr hdr    
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 002c
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000004
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_req hdr_req
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 00000014
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0016 opnum     : 0000
[2009/05/15 14:23:30,  5] rpc_client/cli_pipe.c:rpc_api_pipe(886)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=126
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=51201
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=9
  smt_wct=16
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   44 (0x2C)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]= 4280 (0x10B8)
  smb_vwv[ 4]=    0 (0x0)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=    0 (0x0)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_vwv[10]=   82 (0x52)
  smb_vwv[11]=   44 (0x2C)
  smb_vwv[12]=   82 (0x52)
  smb_vwv[13]=    2 (0x2)
  smb_vwv[14]=   38 (0x26)
  smb_vwv[15]=16387 (0x4003)
  smb_bcc=59
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 5C 00 50 00 49 00 50  00 45 00 5C 00 00 00 05  .\.P.I.P .E.\....
  [010] 00 00 03 10 00 00 00 2C  00 00 00 04 00 00 00 14  ......., ........
  [020] 00 00 00 00 00 00 00 00  00 00 00 C0 F1 DB E0 86  ........ ........
  [030] 07 65 48 A7 BF F3 76 6C  DF D8 19                 .eH...vl ...
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 12
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 91 C9 AD 6A E9 0A EB 1A                           ...j.... 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 13 mid = 9
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,130)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,130) wrote 130
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 104
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=9
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=49
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 04 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [030] 00                                                . 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 13 mid = 9
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 13
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 13: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 23 24 C9 FA DF F2 66 75                           #$....fu 
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=104
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=9
  smt_wct=10
  smb_vwv[ 0]=    0 (0x0)
  smb_vwv[ 1]=   48 (0x30)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=   48 (0x30)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=49
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 00 05 00 02 03 10 00 00  00 30 00 00 00 04 00 00  ........ .0......
  [010] 00 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
  [030] 00                                                . 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 13 mid = 9
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000000 smb_io_rpc_hdr rpc_hdr   
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0000 major     : 05
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0001 minor     : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0002 pkt_type  : 02
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0003 flags     : 03
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0004 pack_type0: 10
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0005 pack_type1: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0006 pack_type2: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0007 pack_type3: 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0008 frag_len  : 0030
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      000a auth_len  : 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      000c call_id   : 00000004
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_debug(88)
  000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint32(718)
      0010 alloc_hint: 00000018
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint16(689)
      0014 context_id: 0000
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0016 cancel_ct : 00
[2009/05/15 14:23:30,  5] rpc_parse/parse_prs.c:prs_uint8(624)
      0017 reserved  : 00
[2009/05/15 14:23:30, 10]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(711)
  cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(998)
  rpc_api_pipe: got PDU len of 48 at offset 0
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_api_pipe(1045)
  rpc_api_pipe: host dchost.dom.realm.co.com, pipe \lsarpc, fnum 0x4003
returned 48 bytes.
      lsa_Close: struct lsa_Close
          out: struct lsa_Close
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     :
00000000-0000-0000-0000-000000000000
              result                   : NT_STATUS_OK
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 14
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(351)
  client_sign_outgoing_message: sent SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 78 7B 2D 34 0A 39 9D 44                           x{-4.9.D 
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:store_sequence_for_reply(67)
  store_sequence_for_reply: stored seq = 15 mid = 10
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(236)
  write_socket(6,45)
[2009/05/15 14:23:30,  6] libsmb/clientgen.c:write_socket(239)
  write_socket(6,45) wrote 45
[2009/05/15 14:23:30, 10]
lib/util_sock.c:read_smb_length_return_keepalive(1187)
  got smb length of 35
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(645)
[2009/05/15 14:23:30,  5] lib/util.c:show_msg(655)
  size=35
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=2050
  smb_pid=927
  smb_uid=2050
  smb_mid=10
  smt_wct=0
  smb_bcc=0
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:get_sequence_for_reply(80)
  get_sequence_for_reply: found seq = 15 mid = 10
[2009/05/15 14:23:30, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 15
[2009/05/15 14:23:30, 10]
libsmb/smb_signing.c:client_check_incoming_message(434)
  client_check_incoming_message: seq 15: got good SMB signature of
[2009/05/15 14:23:30, 10] lib/util.c:dump_data(2233)
  [000] 4E F7 B5 D3 C1 4B FB 1C                           N....K.. 
[2009/05/15 14:23:30, 10] rpc_client/cli_pipe.c:rpc_pipe_destructor(2366)
  rpc_pipe_destructor: closed host dchost.dom.realm.co.com, pipe \lsarpc, fnum
0x4003
[2009/05/15 14:23:30,  5] libads/ldap.c:ads_try_connect(203)
  ads_try_connect: sending CLDAP request to dchost.dom.realm.co.com (realm:
dom.realm.co.com)
      &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
          command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
          sbz                      : 0x0000 (0)
          server_type              : 0x000011fc (4604)
                 0: NBT_SERVER_PDC           
                 1: NBT_SERVER_GC            
                 1: NBT_SERVER_LDAP          
                 1: NBT_SERVER_DS            
                 1: NBT_SERVER_KDC           
                 1: NBT_SERVER_TIMESERV      
                 1: NBT_SERVER_CLOSEST       
                 1: NBT_SERVER_WRITABLE      
                 0: NBT_SERVER_GOOD_TIMESERV 
                 0: NBT_SERVER_NDNC          
                 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
                 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
          domain_uuid              : 7edaa194-dc63-4f64-989e-10fbaa0a1c76
          forest                   : 'realm.co.com'
          dns_domain               : 'dom.realm.co.com'
          pdc_dns_name             : 'dchost.dom.realm.co.com'
          domain                   : 'DOM'
          pdc_name                 : 'LONADENGWVM2'
          user_name                : ''
          server_site              : 'Default-First-Site-Name'
          client_site              : 'Default-First-Site-Name'
          sockaddr_size            : 0x00 (0)
          sockaddr: struct nbt_sockaddr
              sockaddr_family          : 0x00000000 (0)
              pdc_ip                   : (null)
              remaining                : DATA_BLOB length=0
          next_closest_site        : NULL
          nt_version               : 0x00000005 (5)
                 1: NETLOGON_NT_VERSION_1    
                 0: NETLOGON_NT_VERSION_5    
                 1: NETLOGON_NT_VERSION_5EX  
                 0: NETLOGON_NT_VERSION_5EX_WITH_IP
                 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
                 0: NETLOGON_NT_VERSION_AVIOD_NT4EMUL
                 0: NETLOGON_NT_VERSION_PDC  
                 0: NETLOGON_NT_VERSION_IP   
                 0: NETLOGON_NT_VERSION_LOCAL
                 0: NETLOGON_NT_VERSION_GC   
          lmnt_token               : 0xffff (65535)
          lm20_token               : 0xffff (65535)
[2009/05/15 14:23:30, 10] libads/dns.c:sitename_store(778)
  sitename_store: realm = [DOM], sitename = [Default-First-Site-Name], expire =
[4294967295]
[2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = AD_SITENAME/DOMAIN/DOM; value =
Default-First-Site-Name and timeout = (null) (-1242393811 seconds ahead)
[2009/05/15 14:23:30, 10] libads/dns.c:sitename_store(778)
  sitename_store: realm = [dom.realm.co.com], sitename =
[Default-First-Site-Name], expire = [4294967295]
[2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = AD_SITENAME/DOMAIN/DOM.REALM.CO.COM; value =
Default-First-Site-Name and timeout = (null) (-1242393811 seconds ahead)
[2009/05/15 14:23:30,  3] libads/ldap.c:ads_connect(621)
  Successfully contacted LDAP server IPADDRESS
[2009/05/15 14:23:30, 10] libads/ldap.c:ldap_open_with_timeout(62)
  Opening connection to LDAP server 'dchost.dom.realm.co.com:389', timeout 15
seconds
[2009/05/15 14:23:30, 10] libads/ldap.c:ldap_open_with_timeout(76)
  Connected to LDAP server 'dchost.dom.realm.co.com:389'
[2009/05/15 14:23:30,  3] libads/ldap.c:ads_connect(675)
  Connected to LDAP server dchost.dom.realm.co.com
[2009/05/15 14:23:30, 10] libads/ldap.c:ads_closest_dc(165)
  ads_closest_dc: NBT_SERVER_CLOSEST flag set
[2009/05/15 14:23:30, 10] libsmb/namequery.c:saf_store(86)
  saf_store: domain = [DOM], server = [dchost.dom.realm.co.com], expire =
[1242394710]
[2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = SAF/DOMAIN/DOM; value = dchost.dom.realm.co.com
and timeout = Fri May 15 14:38:30 2009
   (900 seconds ahead)
[2009/05/15 14:23:30, 10] libsmb/namequery.c:saf_store(86)
  saf_store: domain = [dom.realm.co.com], server = [dchost.dom.realm.co.com],
expire = [1242394710]
[2009/05/15 14:23:30, 10] lib/gencache.c:gencache_set(131)
  Adding cache entry with key = SAF/DOMAIN/DOM.REALM.CO.COM; value =
dchost.dom.realm.co.com and timeout = Fri May 15 14:38:30 2009
   (900 seconds ahead)
[2009/05/15 14:23:30,  4] libads/ldap.c:ads_current_time(2860)
  time offset is 26 seconds
[2009/05/15 14:23:30,  4] libads/sasl.c:ads_sasl_bind(1112)
  Found SASL mechanism GSS-SPNEGO
[2009/05/15 14:23:30,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/05/15 14:23:30,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/05/15 14:23:30,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/05/15 14:23:30,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/05/15 14:23:30,  3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178@please_ignore
[2009/05/15 14:23:30,  3] libsmb/clikrb5.c:ads_krb5_mk_req(677)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/05/15 14:23:30, 10] libads/sasl.c:ads_sasl_spnego_bind(810)
  ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling
kinit
[2009/05/15 14:23:30, 10] libads/kerberos.c:kerberos_kinit_password_ext(217)
  kerberos_kinit_password: as admuser@DOM.REALM.CO.COM@DOM.REALM.CO.COM using
[MEMORY:net_ads] as ccache and config [(null)]
[2009/05/15 14:23:30,  0] libads/kerberos.c:ads_kinit_password(362)
  kerberos_kinit_password admuser@DOM.REALM.CO.COM@DOM.REALM.CO.COM failed:
Malformed representation of principal
[2009/05/15 14:23:30,  1] libnet/libnet_join.c:libnet_Join(1902)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          out: struct libnet_JoinCtx
              account_name             : NULL
              netbios_domain_name      : 'dom'
              dns_domain_name          : 'dom.realm.co.com'
              forest_name              : 'realm.co.com'
              dn                       : NULL
              domain_sid               : *
                  domain_sid               :
S-1-5-21-1219397942-1773535701-801310046
              modified_config          : 0x00 (0)
              error_string             : 'failed to connect to AD: Malformed
representation of principal'
              domain_is_ad             : 0x01 (1)
              result                   : WERR_DEFAULT_JOIN_REQUIRED
[2009/05/15 14:23:30, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/lib64/samba/POSIX.msg: No such file or directory
[2009/05/15 14:23:30,  2] utils/net.c:main(770)
  return code = -1
Failed to join domain: failed to connect to AD: Malformed representation of
principal

------- Comment #2 From Alex Green 2009-05-15 11:45:56 CST -------
Created an attachment (id=4161) [details]
Debug Level 10 Log (as pasted into comments)

------- Comment #3 From Alex Green 2009-05-24 09:33:33 CST -------
http://kb.mit.edu/confluence/display/ist/Error+Message+Malformed+representation+of+principal+while+logging+in.

Related?

Checking required?

------- Comment #4 From Volker Lendecke 2009-05-27 02:51:09 CST -------
Can you try to join with just -Uadmuser?

Thanks,

Volker

------- Comment #5 From Alex Green 2009-05-27 04:23:30 CST -------
That works as expected, so I guess the @REALM was causing the issue, even
though it works like that on 3.0.34.

Is there any way to control the contents of the generated krb5.conf.WORKGROUP
file?

My system krb5.conf has these as [libdefaults]:
        default_realm = REALM
        default_tkt_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5
des-cbc-crc
        default_tgs_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5
des-cbc-crc
        permitted_enctypes = aes256-cts aes128-cts arcfour-hmac des-cbc-md5
des-cbc-crc
        udp_preference_limit = 1


However net ads join is creating the following:
        default_realm = REALM
        default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5


It also fails to use the valid ticket cache under /tmp/krb5cc_0, is this also
expected?


I'll submit the full Debug 10 log once I've cleaned it.

Thanks,
Alex

------- Comment #6 From Alex Green 2009-05-27 04:37:29 CST -------
Created an attachment (id=4209) [details]
New net ads join output - debug 10

net -d 10 -U admuser ads join createcomputer="REG/CN/OU/Services/"

------- Comment #7 From James Goodwin 2009-06-03 14:23:45 CST -------
We have the same problem with the debian lenny 3.2.5 version.

Our use case is that we need to allow an administrator from a top level domain
in a forest join machines to child domains, this bug is blocking that ability.

The problem seems to have to do with the join code moving to
libnet/libnet_join.c and when it is called from net_ads the opt_user_name is
passed which is the full user name in our case since we put the user name in
the LOGNAME environment. In the past code in utils/net_ads.c would parse that
into the ads->auth.user_name and ads->auth.realm parts and that was used, now
it gets passed through and the default realm is appended to it in ads_connect
causing the problem.

I have a patch to libads/ldap.c that fixes it for our case:
Index: ldap.c
===================================================================
--- ldap.c      (revision 97512)
+++ ldap.c      (working copy)
@@ -397,6 +397,7 @@
        ADS_STATUS status;
        NTSTATUS ntstatus;
        char addr[INET6_ADDRSTRLEN];
+       char *cp;

        ZERO_STRUCT(ads->ldap);
        ads->ldap.last_attempt  = time(NULL);
@@ -437,7 +438,21 @@
        }

        if (!ads->auth.realm) {
-               ads->auth.realm = SMB_STRDUP(ads->config.realm);
+         /*
+          * If the username is of the form "name@realm",
+          * extract the realm and convert to upper case.
+          * This is only used to establish the connection.
+          */
+         if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
+           *cp++ = '\0';
+           SAFE_FREE(ads->auth.realm);
+           ads->auth.realm = smb_xstrdup(cp);
+           strupper_m(ads->auth.realm);
+         }
+         else {
+           /* otherwise take the default realm from the config */
+           ads->auth.realm = SMB_STRDUP(ads->config.realm);
+         }
        }

        if (!ads->auth.kdc_server) {

------- Comment #8 From Karolin Seeger 2009-09-19 12:34:49 CST -------
Volker, is this a blocker for 3.3.8?

------- Comment #9 From Volker Lendecke 2009-09-19 13:19:27 CST -------
I wouldn't call it a blocker. Re-assigning to Günther, the libnet join stuff
is mostly his code.

Volker

------- Comment #10 From Jim McDonough 2010-08-12 15:52:35 CST -------
I'll take this as I've got someone hitting it.  The patch does fix it, but I'm
going to just test it and make sure I'm happy with the actual fix.

------- Comment #11 From Jim McDonough 2010-08-12 16:31:07 CST -------
Ok, I really think this belongs in a more central place, but for now, since
every bit of samba does its own parsing, I'll do this here.  However, I don't
want to do it at this level, but instead higher up in libnet.  The potential is
too high to break things at the ads_connect() level, I think.

------- Comment #12 From Jim McDonough 2010-08-12 19:03:20 CST -------
Created an attachment (id=5901) [details]
Patch for 3.5

------- Comment #13 From Jim McDonough 2010-08-12 19:03:45 CST -------
Created an attachment (id=5902) [details]
Patch for 3.4

------- Comment #14 From Jim McDonough 2010-08-13 07:37:04 CST -------
Karolin, can you add these to 3.4 and 3.4, assuming Günther approves?

------- Comment #15 From Karolin Seeger 2010-08-23 04:18:08 CST -------
Reassigning to Günther for review.

Bug 6368 - Opening "Printer" folder from Vista becomes freezed
Bug#: 6368 Product:  Samba 3.3 Version: 3.3.4 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: monyo@samba.gr.jp QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Opening "Printer" folder from Vista becomes freezed
Keywords:  
Opened: 2009-05-16 09:07 CST
Description:   Opened: 2009-05-16 09:07 CST
Opening "Printer" folder from Vista becomes freezed.

(0) Connect to the samba server via "net use \\samba\ipc$ pass /user:root".
(1) Input "\\samba" into address bar 
(2) Click "Printer" folder
(3) Explorer is freezed (infinity looping?).

My smb.conf:

-----
[global]

  passdb backend = tdbsam

  printing = bsd

  add printer command = /usr/local/samba/bin/addprinter

[printer1]
  printable = yes
  printer name = lp
  print command = (ls -l %s >> /tmp/printlog);( echo "printed %s on %p" >>
/tmp/
printlog)
  path = /tmp
-----

------- Comment #1 From TAKAHASHI Motonobu 2009-05-16 09:10:12 CST -------
Created an attachment (id=4164) [details]
Level 10 log

Bug 6369 - "add printer" command is executed when uploading driver via APW
Bug#: 6369 Product:  Samba 3.3 Version: 3.3.4 Platform: x86
OS/Version: Linux Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: monyo@samba.gr.jp QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: "add printer" command is executed when uploading driver via APW
Keywords:  
Opened: 2009-05-16 10:38 CST
Description:   Opened: 2009-05-16 10:38 CST
"add printer" command is executed when uploading driver via APW 

When we upload a printer driver as desribed:  
 
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id2624181
 * Associate an uploaded driver with an existing (but still driverless) print
queue. 

 add printer command is executed.
In the document says:
-----
When using the APW from a client, if the named printer share does not exist,
smbd will execute the add printer command.
-----

But regardless of existing the printer share, add printer command is executed.

I checked this behavior at Samba 3.3.4 (and Samba 3.0.7 several years ago).

------- Comment #1 From Karolin Seeger 2009-05-19 04:30:22 CST -------
Günther, what's the right thing here:
Updating the documentation or running the command only if the printer share
does not exist?

Bug 6379 - hyena crashes badly when accessing "services" tab (svcctl) on a samba server
Bug#: 6379 Product:  Samba 3.4 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: hyena crashes badly when accessing "services" tab (svcctl) on a samba server
Keywords:  
Opened: 2009-05-19 16:41 CST
Description:   Opened: 2009-05-19 16:41 CST
hyena crashes when accessing "services" tab (svcctl)

need to investigate further why.

Bug 6485 - force_lookup parameter to get_peer_name not effective
Bug#: 6485 Product:  Samba 3.3 Version: 3.3.5 Platform: Sparc
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: tom@ee.ucl.ac.uk QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: force_lookup parameter to get_peer_name not effective
Keywords:  
Opened: 2009-06-18 07:40 CST
Description:   Opened: 2009-06-18 07:40 CST
If the hostname lookups config parameter is false (the default) then
force_lookup will not cause get_peer_name to lookup and return the peer's DNS
name. The reason is that if get_peer_name has previously been called with
force_lookup set to false and hostname lookups is false, the IP address is
cached instead of the name and subsequent calls always return the cached value
even if force_lookup is true.

get_peer_name() is in util_sock.c at line 1815

The code would seem to imply that it was intended that force_lookup would cause
a full DNS lookup no matter what the status of hostname lookups, but it doesn't
work due to the cache feature.

What is the intended behaviour?
As it is, the result is that hostnames in allow hosts or deny hosts lists will
not be matched unless hostname lookups is true. This is not documented in the
hosts allow/deny section of the man page, though it is hinted at in the
hostname lookups section.

I'm happy to provide code/words to do one of the following:

fix get_peer_name to honour the force_lookup flag (would need some input on how
the cache works)
add some words to hosts allow/deny manual section saying that hostnames will
never be matched if hostname lookups is false
add some words to the %M section of the manual page saying that IP addresses
will appear unless hostname lookups is true.

------- Comment #1 From Daniel Kobras 2009-10-13 07:00:08 CST -------
We've hit this problem when upgrading from 3.0.28a to 3.2.15: In the 3.0
version, hostnames in hosts allow/deny were correctly matched even without
"hostname lookups = yes". In 3.2, we get

[2009/10/13 09:56:02,  3] lib/access.c:check_access(396)
  check_access: hostnames in host allow/deny list.
[2009/10/13 09:56:02,  0] lib/access.c:check_access(410)
  Denied connection from 1.2.3.4 (1.2.3.4)

This indicates that get_peer_name() returned an IP address instead of a
hostname even with parameter "force_lookup" set as true. Reverse lookup of
"1.2.3.4" works fine on the Samba server.

For us using "hosts allow" only, this just implies a regression from 3.0 to
3.2. However, considering configurations like "hosts deny = <hostname>", the
issue amounts to a security problem, I believe.

Bug 6491 - Netbios Name with hyphen
Bug#: 6491 Product:  Samba 3.3 Version: 3.3.2 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: tisdn.livre@gmail.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Netbios Name with hyphen
Keywords:  
Opened: 2009-06-22 07:20 CST
Description:   Opened: 2009-06-22 07:20 CST
We've had a problem using Samba 3.3.2 and windows 2000 workstations sp4. After
many tests, it was discovered that when the netbios name has an hyphen the
windows 2000 workstations don't see the groups on the samba domain, but when
the name is changed for one without hyphen the error doesn't occur.

Steps to reproduce the problem:
- Configure samba 3.3.2 as domain controller
- Fill the netbios name parameter (smb.conf) using a name with hyphen like:
xxx-yyy
- Join the w2k workstation on the domain
- On the w2k workstation, logon using a non-administrative account and type
"net user <user> /domain"
- The result will be "access denied"

Do the same test using a netbios name without hyphen (it works!).

Bug 6522 - pppd winbind plugin do not work with new winbind
Bug#: 6522 Product:  Samba 3.3 Version: 3.3.4 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: thecrux@gmail.com QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: pppd winbind plugin do not work with new winbind
Keywords:  
Opened: 2009-06-30 08:42 CST
Description:   Opened: 2009-06-30 08:42 CST
there is system with debian lenny as dialin-server.
pppd use winbind.so plugin for authentication against AD (/etc/ppp/options):
...
require-mschap-v2
require-mppe-128
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
...

winbind configured as a member of a AD domain and works fine.

XP/Vista dialin clients disconnects with this error, after a successful
authentication:

"Error 778: It was not possible to verify the identity of the server"

pppd log:
...
sent [CHAP Challenge id=0xb6 <fad6402e54549963ba95b8a601b247e1>, name =
"SERVER"]
rcvd [LCP Ident id=0x4 magic=0x4b183c95 "MSRASV5.10"]
rcvd [LCP Ident id=0x5 magic=0x4b183c95 "MSRAS-0-CLIENT"]
rcvd [LCP EchoRep id=0x0 magic=0x4b183c95]
rcvd [CHAP Response id=0xb6
<8398d101f626eedb1df5bb9e7f8dddf80000000000000000abf28b770748f4e622fe77e7466a789487e60ed29b83bf7c00>,
name = "domain\\user"]
sent [CHAP Success id=0xb6 "S=9B12ED6F2BBDE806EFC3FC9947D848C7F4226266 M=Access
granted"]
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [LCP TermReq id=0x6 "K\030<\37777777625\000<\37777777715t\000\000\003\n"]
LCP terminated by peer (K^X<M-^U^@<M-Mt^@^@^C^J)
...


i have found the same issue here, but it was fixed in 3.2.1:
http://www.nabble.com/samba-3.2-breaks-ppp-winbind-plugin-td18715806.html

have try this versions os samba: 3.2.5-4lenny6 (in lenny) 3.3.4-1~bpo50+2 (in
backports), but without success.


Also i try to configure a radius server with AD integration
(http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO) and
use pppd radius plugin. But with same negative result from clients: Error 778.

------- Comment #1 From Vladimir Lettiev 2009-07-01 01:55:43 CST -------
Today i came back to work and discover that problem disappeared: dialup client
can connect. But when winbind service was restarted problem come back again :(

Also i tried to dialup from linuxbox. Client pppd returned this error:
...
rcvd [CHAP Success id=0x9f "S=36CCDA5954D68F37A3A1B58651BFB3B6237026C2 M=Access
granted"]
MS-CHAPv2 mutual authentication failed.
CHAP authentication failed
sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
...

symptoms of failure is the same as in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518229 , but in my case
winbind need some time (several hours?) to self-repair.

------- Comment #2 From Vladimir Lettiev 2009-07-05 16:38:50 CST -------
Downgrade to 3.0.35 solved the problem.

------- Comment #3 From David Herselman 2010-05-20 05:11:31 CST -------
I can confirm that this problem causes intermittend problems with a Windows
2008 domain (domain functional level raised to 'Windows Server 2008'.

NB: Users can eventually connect if they try enough times

Also using winbind for Squid NTLM authentication which is working perfectly.

Running Samba 3.3.12 with pptpd 1.3.4-1.rhel5.1

------- Comment #4 From Robert LeBlanc 2010-06-03 15:34:52 CST -------
I am experienceing the problem as well. We are running winbindd 3.4.8 (Debian
Squeeze) and I've also tried 3.5.3 (Squeeze base with samba and winbind from
Debian Experimental), both are showing the same problem, client can not
authenticate server. The client is sending back garbage after it get the
'access granted' message. The same config works fine with chap_secrets and
disabling winbind:

Jun  2 16:56:05 debian pppd[17472]: pppd 2.4.4 started by root, uid 0
Jun  2 16:56:05 debian pppd[17472]: using channel 17
Jun  2 16:56:05 debian pppd[17472]: Using interface ppp0
Jun  2 16:56:05 debian pppd[17472]: Connect: ppp0 <--> /dev/pts/2
Jun  2 16:56:05 debian pppd[17472]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MS-v2> <magic 0xa2912b7> <pcomp> <accomp>]
Jun  2 16:56:05 debian pptpd[17470]: GRE: Bad checksum from pppd.
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic
0x648b71fd> <pcomp> <accomp> <callback CBCP>]
Jun  2 16:56:05 debian pppd[17472]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MS-v2> <magic 0xa2912b7> <pcomp> <accomp>]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic
0x648b71fd> <pcomp> <accomp>]
Jun  2 16:56:05 debian pppd[17472]: sent [LCP ConfAck id=0x1 <mru 1400> <magic
0x648b71fd> <pcomp> <accomp>]
Jun  2 16:56:05 debian pppd[17472]: sent [LCP EchoReq id=0x0 magic=0xa2912b7]
Jun  2 16:56:05 debian pppd[17472]: sent [CHAP Challenge id=0x75
<d33a4de16233bb406c42b02c9801acd4>, name = "debian"]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP Ident id=0x2 magic=0x648b71fd
"MSRASV5.10"]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP Ident id=0x3 magic=0x648b71fd
"MSRAS-0-WINCOMP"]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP EchoRep id=0x0 magic=0x648b71fd]
Jun  2 16:56:05 debian pppd[17472]: rcvd [CHAP Response id=0x75
<69dbcaab0e152ea056654a46c4ca7bae00000000000000006d7bcc32ef97cfafde7c34570aaa0c55e83b8475da22923300>,
name = "DOMAIN\\user"]
Jun  2 16:56:05 debian pptpd[17470]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
Jun  2 16:56:05 debian pppd[17472]: sent [CHAP Success id=0x75
"S=B68D646C4DC626290C5BCD1148AE833C004B1E70 M=Access granted"]
Jun  2 16:56:05 debian pppd[17472]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L
-D -C>]
Jun  2 16:56:05 debian pppd[17472]: rcvd [LCP TermReq id=0x4
"d\37777777613q\37777777775\000<\37777777715t\000\000\003\n"]
Jun  2 16:56:05 debian pppd[17472]: LCP terminated by peer
(dM-^KqM-}^@<M-Mt^@^@^C^J)
Jun  2 16:56:05 debian pppd[17472]: sent [LCP TermAck id=0x4]
Jun  2 16:56:05 debian pptpd[17470]: CTRL: Reaping child PPP[17472]
Jun  2 16:56:05 debian pppd[17472]: Modem hangup
Jun  2 16:56:05 debian pppd[17472]: Connection terminated.
Jun  2 16:56:05 debian pppd[17472]: Connect time 0.0 minutes.
Jun  2 16:56:05 debian pppd[17472]: Sent 10 bytes, received 0 bytes.
Jun  2 16:56:06 debian pppd[17472]: Exit.

------- Comment #5 From Guenther Deschner 2010-06-21 09:14:25 CST -------
Tried very hard to reproduce this but cannot.

I was trying MSCHAPV2 pptp login from Windows XP SP3 to a pptpd / ppp / winbind
plugin combo using samba 3.0.33, 3.3.8, 3.3.12, 3.4.8 and master winbind that
was asking a w2k8 AD domain controller to verify credentials and it just worked
for me.

Can someone with a clear reproducer please upload all config / logfiles
involved ?

------- Comment #6 From Robert LeBlanc 2010-06-21 10:06:44 CST -------
Created an attachment (id=5802) [details]
Config and Log from Lenny and Squeeze

Here is the config and logs from a working Lenny install, and the config and
logs from a failing Squeeze install. All software is the same version, only
kernel is different.

------- Comment #7 From Robert LeBlanc 2010-06-21 10:07:01 CST -------
I'm not sure if this is helpful, if it is not, please let me know what else I
can provide. I'm running pptpd on a Debian Lenny machine with Winbind 3.4.8
from lenny-backports and it works perfectly, however on my Debian Squeeze
machine with Winbind 3.4.8, it doesn't work. Both machines are running the same
version of pppd (2.4.4) and pptpd (1.3.4). Lenny is running "Linux lsweb
2.6.26-2-amd64 #1 SMP Wed May 12 18:03:14 UTC 2010 x86_64 GNU/Linux" and
Squeeze is running "Linux lsweb2 2.6.32-3-amd64 #1 SMP Wed Feb 24 18:07:42 UTC
2010 x86_64 GNU/Linux"

------- Comment #8 From Guenther Deschner 2010-08-10 06:27:08 CST -------
Do you have a chance to test the patch provided in 
https://bugzilla.samba.org/show_bug.cgi?id=7568 ?

I am convinced it will resolve this issue as well.

------- Comment #9 From Hank Hampel 2010-08-23 11:38:31 CST -------
I was experiencing the same problems with winbind 3.3.8 from CentOS 5.5 (patch
level 52). After manually applying the patch from
https://bugzilla.samba.org/show_bug.cgi?id=7568 everything works fine again
(for some days now). So that seems to be the correct solution to this bug as
well.

Is there any chance that this patch is going to be included in the 3.3 version
of samba?

------- Comment #10 From Guenther Deschner 2010-08-23 13:27:18 CST -------
(In reply to comment #9)
> I was experiencing the same problems with winbind 3.3.8 from CentOS 5.5 (patch
> level 52). After manually applying the patch from
> https://bugzilla.samba.org/show_bug.cgi?id=7568 everything works fine again
> (for some days now). So that seems to be the correct solution to this bug as
> well.

Thanks a lot for testing!

> 
> Is there any chance that this patch is going to be included in the 3.3 version
> of samba?

Sorry, Samba 3.3 is unfortunately no longer actively maintained. Only security
fixes will go into a next 3.3.x release. 
See http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.3

You should contact your vendor so they can add this fix and provide new
packages.

------- Comment #11 From Kai Blin 2011-01-07 05:31:43 CST -------
*** Bug 7900 has been marked as a duplicate of this bug. ***

Bug 6632 - Assigning driver to printer brings access violation
Bug#: 6632 Product:  Samba 3.5 Version: 3.5.3 Platform: x86
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: muehlfeld@medizinische-genetik.de QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Assigning driver to printer brings access violation
Keywords:  
Opened: 2009-08-12 15:27 CST
Description:   Opened: 2009-08-12 15:27 CST
I upload printer drivers to my samba server. Then I open the properties of a
new added printer, and assign the driver to it in the advanced tab. If I click
to "OK" or "Apply", I get a

> Function address 0x2d04193 created an access violation (Code: 0xc0000005)

After closing the window, the driver is assigned in the list view and the
advanced tab. But the settings of the driver aren't displayed.

I meanwhile removed all drivers from my server (removed everything out of
print$), deleted all *.tdb and reinstalled the whole samba server. But without
changes. Also it's reproduceable in my VM, where I set up a test environment
for that meanwhile.

It's reproducable at least with the following drivers:
- HP LaserJet 2420 PCL6
- HP LaserJet 2420 PS
- HP LaserJet 4250 PCL6

The error is reproducable on (I only tried this versions):
- 3.0.34
- 3.3.4 to 3.3.7
- 3.4.0

------- Comment #1 From Marc Muehlfeld 2009-08-12 15:31:42 CST -------
Created an attachment (id=4548) [details]
vm-02.log.gz

Compressed debug level 10 logfile of assigning one of the trouble making
drivers to a new printer.

------- Comment #2 From Marc Muehlfeld 2010-02-17 14:51:34 CST -------
Is there anything I can do to help fixing this issue? Just let me know. It is a
very big problem here, because many drivers can't be used. A full
reinstallation of whole samba (incl. all databases, etc) doesn't fix the issue.

I tried it with 3.4.5 meanwhile. There the problem still exists.

------- Comment #3 From Alessandro Bono 2010-03-22 06:06:41 CST -------
Hi

similar problem here, if I try to assign a driver to printer I receive this
error

Function address 0x5c1284f9 created an access violation (Code: 0xc0000005)

samba 3.4.7 + patch https://bugzilla.samba.org/attachment.cgi?id=5475 on a
Ubuntu Hardy 64bit
driver for HP Laserjet P2055dn PCL6
client windows xp pro sp3 32bit

tell me if you need other info or test patch

------- Comment #4 From Alessandro Bono 2010-04-16 06:24:49 CST -------
Tested samba 3.5.2 with HP Color Laserjet 2600n but not working. The difference
is that windows not crash but tell it's not possible to find specified driver.
There are new driver for HP Laserjet P2055dn and I'll try asap with samba 3.5.2

Any news or development patches to test??

------- Comment #5 From Marc Muehlfeld 2010-04-16 06:32:40 CST -------
I use for HP printers with problems the "HP Universal Printer Driver" as
replacement. But this driver is really a pain (but at least you can print with
it)

I hope somebody could fix this old problem, I'm having for a long time now.

------- Comment #6 From Alessandro Bono 2010-05-24 08:34:10 CST -------
Hi Guenther

I tested again with samba 3.5.3 to install driver for HP Laserjet P2055dn with
a windows 2003 x64 and I receive again an access violation

------- Comment #7 From Alessandro Bono 2010-06-24 10:47:37 CST -------
Hi 

this time tested with samba 3.5.4 and latest driver for hp laserjet p2055x (ver
6.1) with the same result

------- Comment #8 From Marc Muehlfeld 2010-09-13 08:52:46 CST -------
The problem comes with the newer HP printer drivers. If I use old version
(around 2005), everything is fine and I don't get an access violation.

Because hp.com doesn't list old versions and the directories on their FTP
aren't named like the printernames, you can use http://www.driverstock.com to
find an old one. The download links point directly to the FTP from HP (so no
misterious package to download from somewhere).

But all in all this is just a workaround, to use old driver version. It would
be better, if it is fixed, because it seems to happen with various (HP only?)
drivers.

Bug 6669 - printer driver short architecture dir (w32x86) is not treated case insensitive
Bug#: 6669 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: printer driver short architecture dir (w32x86) is not treated case insensitive
Keywords:  
Opened: 2009-08-28 06:54 CST
Description:   Opened: 2009-08-28 06:54 CST
This is a follow up bug to bug #6568.

Printer driver upload fails when w32x86 has not been created in upper-case on
the print$ share.

It should not matter in what case this directory has been created.

------- Comment #1 From Karolin Seeger 2010-01-25 08:45:13 CST -------
Too late for enhancements for 3.5. Raising version.

------- Comment #2 From Guenther Deschner 2010-04-20 05:57:43 CST -------
*** Bug 7372 has been marked as a duplicate of this bug. ***

------- Comment #3 From Guenther Deschner 2010-04-20 05:58:27 CST -------
raising priority

Bug 6724 - smbd panic action with yield_connection name=0x0
Bug#: 6724 Product:  Samba 3.3 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: zulcss@ubuntu.com QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: smbd panic action with yield_connection name=0x0
Keywords:  
Opened: 2009-09-14 13:49 CST
Description:   Opened: 2009-09-14 13:49 CST
Thread debugging using libthread_db enabled]
[New Thread 0x7f857ebbf710 (LWP 30992)]
0x00007f857b7688f5 in waitpid () from /lib/libc.so.6
#0 0x00007f857b7688f5 in waitpid () from /lib/libc.so.6
#1 0x00007f857b7002d1 in ?? () from /lib/libc.so.6
#2 0x00007f857eda57a8 in smb_panic (why=<value optimized out>)
    at lib/util.c:1679
#3 0x00007f857ed92be7 in sig_fault (sig=11) at lib/fault.c:46
#4 <signal handler called>
#5 0x00007f857ed875c1 in rep_strlcpy (d=0x7fff871e3f58 "", s=0x0, bufsize=256)
    at lib/replace/replace.c:64
#6 0x00007f857edb2fb9 in connections_fetch_entry (mem_ctx=0x0,
    conn=<value optimized out>, name=0x0) at lib/conn_tdb.c:65
#7 0x00007f857ec98171 in yield_connection (conn=0x7f857f555d90, name=0x0)
    at smbd/connection.c:33
#8 0x00007f857ecbcc4c in close_cnum (conn=0x7f857f555d90, vuid=0)
    at smbd/service.c:1328
#9 0x00007f857ec9d795 in conn_close_all () at smbd/conn.c:174
#10 0x00007f857ec878b7 in exit_server_common (how=SERVER_EXIT_NORMAL,
    reason=0x0) at smbd/server.c:917
#11 0x00007f857ec87a96 in exit_server_cleanly (
    explanation=<value optimized out>) at smbd/server.c:985
#12 0x00007f857ec89cd7 in main (argc=<value optimized out>, argv=0x2)
    at smbd/server.c:1516
The program is running. Quit anyway (and detach it)? (y or n) [answered Y;
input not from terminal]

Here's the smdb.conf file;

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
# A well-established practice is to name the original file
# "smb.conf.master" and create the "real" config file with
# testparm -s smb.conf.master >smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# "include" statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.
#

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
# wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
# syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
  security = share

# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan
<<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user

########## Domains ###########

# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
; domain logons = yes
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
; logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d
/var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap

# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
# domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

# The following was the default behaviour in sarge,
# but samba upstream reverted the default because it might induce
# performance issues in large organizations.
# See Debian bug #368251 for some of the consequences of *not*
# having this setting and smb.conf(5) for details.
; winbind enum groups = yes
; winbind enum users = yes

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.
usershare owner only = false

# Maximum number of usershare. 0 (default) means that usershare is disabled.
; usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
; comment = Home Directories
; browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
; read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
; create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
; directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
; valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
; share modes = no

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

[printers]
   comment = All Printers
   browseable = yes
   path = /var/spool/samba
   printable = yes
   guest ok = yes
   read only = yes
   create mask = 0700
   security = guest
   public = yes
   writeable = yes
   use client driver = yes
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = yes
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

Bug 6750 - After 'machine password timeout' /etc/krb5.keytab is not updated
Bug#: 6750 Product:  Samba 3.4 Version: 3.4.0 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: jgunthorpe@gmail.com QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: After 'machine password timeout' /etc/krb5.keytab is not updated
Keywords:  
Opened: 2009-09-21 16:25 CST
Description:   Opened: 2009-09-21 16:25 CST
It is great that samba has leaned how to refresh the machine password, but when
it does this and doesn't update the /etc/krb5.keytab it breaks every other
kerberos service on the machine.

I can't figure out how to get it do this..

My smb.conf has:
kerberos method = secrets and keytab

I can't find any code that looks like it would update the keytab so I guess it
is broken..

The keytab should be refreshed, but a better job is needed compared to 'net ads
keytab create' the latter doesn't create entries for any additional SPNs the
host may have (say created by net ads keytab add). Which I think is a separate
bug in of itself..

No idea how to handle multiple keytabs, my webserver for instance has a
apache-only keytab with just the various http SPNs in it.

------- Comment #1 From Guenther Deschner 2009-09-22 10:03:02 CST -------
The current code will simply don't do any machine account password changes once
you use a kerberos keytab as per smb.conf setting. Are you saying winbind tries
to do so ?

Auto refreshing the keytab potentially requires admin credentials, for that
reason it wasn't added when implementing the automatic machine password change
mechanism initially.

------- Comment #2 From Jason Gunthorpe 2009-09-22 15:13:54 CST -------
Which smb.conf setting are you referring to? I have 'kerberos method = secrets
and keytab' and the kvno of my host is increasing once a week. This is samba
3.4.0

Why does regenerating the keytab require admin credentials? Is that some weird
corner case? It works for me using my ordinary user (non-admin) credentials. I
thought the process would be to generate the keytab entries from the machine
password and current kvno - just as samba must be doing on the fly internally
to compute the keys. The machine account can surely be used to access any
ancillary data?

I always thought it was just a bug that net ads keytab create prompted for a
password..

FWIW, this was not happening in 3.3.2 and prior versions.

------- Comment #3 From Michael Adam 2009-09-22 15:57:01 CST -------
reassigning to günther...

------- Comment #4 From Simo Sorce 2009-09-23 11:02:09 CST -------
Guenther, I think that if the password change is successful we should just
generate a new keytab locally and save it over /etc/krb5.keytab

Bug 6794 - kerberized pam_winbind logon with trust domain account on samba pdc not possible
Bug#: 6794 Product:  Samba 3.4 Version: 3.4.2 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: kerberized pam_winbind logon with trust domain account on samba pdc not possible
Keywords:  
Opened: 2009-10-08 16:01 CST
Description:   Opened: 2009-10-08 16:01 CST
kerberized pam_winbind logon with trust domain account on samba pdc not
possible.

The main cause is that when we are a PDC with trusts to AD domains, we don't
have lp_realm() set (which is incorrectly expected to be set by some
functions).

Bug 6833 - Can not login with AD account when system keytab is used
Bug#: 6833 Product:  Samba 3.4 Version: 3.4.2 Platform: x64
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: robert@leblancnet.us QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: Can not login with AD account when system keytab is used
Keywords:  
Opened: 2009-10-20 16:05 CST
Description:   Opened: 2009-10-20 16:05 CST
When upgrading to 3.4.2 from 3.2.5, I've changed "use kerberos keytab = yes" to
"kerberos method = system keytab" and I'm not able to login using an Active
Directory domain account. I see this in the error logs:

[2009/10/20 12:46:52,  1]
libads/kerberos_verify.c:190(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (Permission denied)
[2009/10/20 12:46:52,  1] libads/authdata.c:450(kerberos_return_pac)
  ads_verify_ticket failed: NT_STATUS_LOGON_FAILURE

net ads keytab commands work without a problem and there seems to be no unusual
permission issues with the system keytab file at /etc/krb5.keytab. If I comment
out the kerberos method = system keytab then I am once again able to log in. If
I delete the keytab, then I get:

[2009/10/20 15:02:01,  1]
libads/kerberos_verify.c:190(ads_keytab_verify_ticket)
  ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file or
directory)
[2009/10/20 15:02:01,  1] libads/authdata.c:450(kerberos_return_pac)
  ads_verify_ticket failed: NT_STATUS_LOGON_FAILURE

If I create a new keytab 'net ads keytab create -P', I get a new keytab with
the right SPNs. When I try to log in, I get the permission denied messages as
above. I'm not sure what to look at to try to fix the problem.

------- Comment #1 From Robert LeBlanc 2009-10-30 17:22:46 CST -------
If Kerberos is set-up correctly I can SSH into a machine that is using
"kerberos method = system keytab" using kerberos tickets just fine. If I have
to use password authentication whether on the console or SSH, it doesn't work.
Hopefully that helps find the bug. I haven't had time to try to figure out the
code myself yet.

------- Comment #2 From Michael Adam 2009-11-20 18:16:01 CST -------
Robert - thanks for your bug report!

Günther: could you have a look? Thanks!

Cheers - Michael

------- Comment #3 From Anton D 2009-12-07 20:47:54 CST -------
I have the exact same problem myself with 3.4 that I never had with 3.0, 3.2 or
3.3. I can confirm that commenting out "kerberos method = system keytab" helps.

I had also noticed that pam_winbind works fine if you leave out the krb5_auth
related settings. But I had no problem using kinit to get a ticket for my user
principal.

I had a feeling the system keytab generated by "net ads keytab create" was the
problem, as "kinit -k" wouldn't authenticate. Active Directory would have
preauthentication errors even if preauthentication was turned off for the user
account.

More details:

OS: Ubuntu 9.10 AMD64 (which uses 3.4.0 + some bug fixes). I've successfully
used many previous versions of Ubuntu (and Debian) against the same Active
Directory domain. The desktop only has the winbind and samba-common packages
installed (no samba server package).

KDC: Windows 2003 (SBS) with the SFU 3.5 schema extensions. There is only one
domain/realm on the network.


smb.conf:

[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.COM
   preferred master = no
   security = ADS

   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind nss info = sfu
   winbind offline logon = true
   winbind refresh tickets = true

   idmap backend = tdb
   idmap uid = 50000 - 50999
   idmap gid = 50000 - 50999
   idmap config EXAMPLE:backend = ad
   idmap config EXAMPLE:readonly = yes
   idmap config EXAMPLE:default = yes
   idmap config EXAMPLE:schema_mode = sfu
   idmap config EXAMPLE:range = 10000 - 19999
   kerberos method = system keytab


Everything else seems to work - eg:

testparm
net ads join ...
net ads testjoin
net ads keytab create
wbinfo -u
wbinfo -g
pam_winbind without kerberos
kinit (but not kinit -k)
etc

Let me know if I've left anything out...

------- Comment #4 From Anton D 2009-12-08 19:23:21 CST -------
After some more digging:

I don't think the keytabs themselves are the problem. I can most of the time
get a working keytab from "net ads keytab create".

I have noticed though that the problems with "kerberos method = system keytab"
or "kerberos method = dedicated keytab" only appear when
"krb5_ccache_type=FILE" is specified in the pam_winbind config.

If smb.conf specifies a dedicated or system keytab, pam_winbind will work (for
me at least) via kerberos using "krb5_auth", and only fails once you tell it to
create a credential cache.

So it seems as though the problem appears when using a combination of a keytab
and a credential cache.

------- Comment #5 From Robert LeBlanc 2009-12-18 18:09:27 CST -------
I have confirmed that removing krb5_ccache_type=FILE allows both Kerberos
logins and password challenged logins. We would like to have this option.
Thanks.

------- Comment #6 From Anton D 2010-05-11 19:58:20 CST -------
Some more info:

I've also run into this with Ubuntu 10.04 which ships winbind 3.4.7. I don't
know of this is distro specific - I'll be testing that soon.

Something else I've discovered is that it seems related to being able to read
the system keytab file.

Normally the system keytab is sensitive and should only be able to be read by
root, and when winbind creates the keytab this is the case.

But winbind 3.4 seems to require that the user account logging in also needs to
be able to read the keytab file. If I make the system keytab world readable
(which isn't a good idea) suddenly pam_winbind works again.

I would have assumed that only the winbind daemon itself (running as root)
needs  to read the keytab file.

Another way to demonstrate this:

Start with only root being able to read the keytab (the default permissions).
Try authenticating a kerberos UPN / Windows domain account as a non root user

$ wbinfo -K anton
Enter anton's password: 
plaintext kerberos password authentication for [anton] failed (requesting
cctype: FILE)
error code was NT_STATUS_LOGON_FAILURE (0xc000006d)
error messsage was: Logon failure
Could not authenticate user [anton] with Kerberos (ccache: FILE)


Try the same again, but as root

$ sudo wbinfo -K anton
Enter anton's password: 
plaintext kerberos password authentication for [anton] succeeded (requesting
cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0


Now change permissions of the keytab and try again without root permissions

$ sudo chmod 644 /etc/krb5.keytab
$ wbinfo -K anton
Enter anton's password: 
plaintext kerberos password authentication for [anton] succeeded (requesting
cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_10000


(Note: wild unsubstantiated guess) It almost seems as though winbind is
switching to the non root user before it reads the keytab file.

One other baffling data point that I haven't fully reproduced yet: Systems that
have upgraded from pre 3.4 Samba versions don't seem to have this problem
despite having practically identical settings and permissions.

------- Comment #7 From Anton D 2010-05-12 07:37:10 CST -------
After some more testing with Samba built from source tarballs (both 3.4.8 and
3.5.2) on a clean system, I still get the same results. So it doesn't seem to
be an Ubuntu packaging issue.

Summary:

With Samba 3.4 and 3.5, the system keytab needs to be world readable when using
"kerberos method = system keytab" in smb.conf.

These insecure keytab permissions weren't required with 3.3 and earlier.

------- Comment #8 From Anton D 2010-05-12 22:58:08 CST -------
SOLVED (mostly).

After browsing the source code where this behaviour changed in 3.4, I found
this comment:


case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
    /* First try secrets.tdb and fallback to the krb5.keytab if
       necessary.  This is the pre 3.4 behavior when
       "use kerberos keytab" was true.*/

So it turns out that "kerberos method = secrets and keytab" is the proper match
to the old "use kerberos keytab = true" rather than "kerberos method = system
keytab" (or dedicated keytab).

SOLUTION: Using "kerberos method = secrets and keytab" gives me my desired
result.

I'm not sure what the intended behaviour for "system keytab" is, so I'm not
sure if the permissions/ccache situation is actually by design or not (eg if it
is only supposed to be used as root).

Could this be documented better? There isn't really much in the smb.conf man
page or the release notes that indicates which setting matches 3.3 and earlier
or what system keytab will/won't do.

Bug 6872 - krb5 refresh chain is broken when login in cached mode.
Bug#: 6872 Product:  Samba 3.3 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: boyang@samba.org QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: krb5 refresh chain is broken when login in cached mode.
Keywords:  
Opened: 2009-11-05 02:58 CST
Description:   Opened: 2009-11-05 02:58 CST
When winbindd starts without network, user login in cached mode. The trust_type
flag is not set because there is no network. So the krb5 refresh timer is not
added. 

Then even domain member is in AD environment, user cannot get kerberos ticket
when winbindd goes online again. We can use the method in 3.0.x to have a rough
guess whether it is AD. :-)

patch for 3-{2,3,4}-test in the attachment.

Thanks!

------- Comment #1 From Bo Yang 2009-11-05 03:00:34 CST -------
Created an attachment (id=4916) [details]
patch for v3-2-test

------- Comment #2 From Bo Yang 2009-11-05 03:01:04 CST -------
Created an attachment (id=4917) [details]
patch for v3-3-test

------- Comment #3 From Bo Yang 2009-11-05 03:01:31 CST -------
Created an attachment (id=4918) [details]
patch for v3-4-test

------- Comment #4 From Guenther Deschner 2009-11-05 07:40:54 CST -------
(In reply to comment #0)
> When winbindd starts without network, user login in cached mode. The trust_type
> flag is not set because there is no network. So the krb5 refresh timer is not
> added.

I am not sure I understand that patch. The whole purpose of using the tdc cache
here was that even while offline (w/o network) the cache could tell us whether
a trusted domain is AD or not, so the trust_type flag should already be set (on
disc) appropriately.

> 
> Then even domain member is in AD environment, user cannot get kerberos ticket
> when winbindd goes online again. We can use the method in 3.0.x to have a rough
> guess whether it is AD. :-)

This I don't understand at all :-) Why do you think the automatic kinit can't
work when coming from offline to online ?

------- Comment #5 From Bo Yang 2009-11-05 08:43:15 CST -------
Please have a look at the call stack:

init_domain_list() ---> add_trusted_domain() --> wcache_tdc_add_domain().

If winbindd starts without network, the trust_type flags will not be set. Then
user login cached mode. In winbindd_dual_pam_auth_cached()[winbindd_pam.c:989],
You can see what is wrong here.

The event will not be added.

Bug 6888 - REGRESSION: printing support for 64 bit windows clients broken
Bug#: 6888 Product:  Samba 3.5 Version: 3.5.0rc2 Platform: x64
OS/Version: Windows 7 Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: pontus.fuchs@tactel.se QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL:  http://msdn.microsoft.com/en-us/library/99fdf2cf-79bb-43bf-997c-88b33538a5e1(PROT.13)#endNote32
Summary: REGRESSION: printing support for 64 bit windows clients broken
Keywords:  
Opened: 2009-11-11 05:25 CST
Description:   Opened: 2009-11-11 05:25 CST
Adding a raw printer on a samba server from windows 7 64 bit fails with error
0x0000000d. There is no point'n'print driver installed on the server. Win7
32bit works fine on the same setup.

The following error is printed in samba's log. 

[2009/11/11 12:03:47,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/ipc.c(132) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW

------- Comment #1 From Pontus Fuchs 2009-11-11 05:26:25 CST -------
Created an attachment (id=4940) [details]
Log

------- Comment #2 From Pontus Fuchs 2009-11-11 05:27:08 CST -------
Created an attachment (id=4941) [details]
My smb.conf

------- Comment #3 From Guenther Deschner 2009-12-08 10:16:25 CST -------
64bit windows spoolss clients are currently not supported. Hopefully we can
support them with a later version of samba.

------- Comment #4 From Reid 2009-12-13 13:03:34 CST -------
I get the same error using Windows 7 64bit. But when I downgrade to samba 3.3.8
it works just fine. Why wouldn't 64bit spools be supported in 3.3 and not
supported in 3.4?

------- Comment #5 From Guenther Deschner 2009-12-17 04:47:01 CST -------
Ok, you are absolutely right. Marking this as a blocker. It really is one.

Short explanation: The core problem is that the marshalled buffers (containing
printer/driver info) in v3-3-test are marshalled in exactly the same way
windows marshalls them while marshalling is different in v3-4-test.

Longer explanation:

Assume the server sends a blob to the client with offered blob size.
PIDL currently constructs that blob containing relative pointers like this:
[offset1] [offset2] [offset3] [buffer1] [buffer2] [buffer3] [0,0... to fill up
total offered blob size].

In order to make 64bits clients work again (as of
http://msdn.microsoft.com/en-us/library/cc244870%28PROT.13%29.aspx#id31) PIDL
needs to move all marshalled buffers to the *end* of the blob in *reverse*
order.
[offset1] [offset2] [offset3] [0,0... to fill up total offered blob size]
[buffer3] [buffer2] [buffer1]

Metze and me were discussing ways to accomplish this and we need to solve this
for v3-4-test and v3-5-test.

------- Comment #6 From Reid 2009-12-20 01:33:53 CST -------
Sounds good. Has this been committed to the test branches? I really need to get
my printers going as soon as possible. I would fall back to 3.3.8, but the
developers of the distro I'm using have compiled it against a version of
heimdal that breaks other software if heimdal is downgraded. This makes
downgrading is a major pain.

If you could let me know if this is ready, I'll see if I can find some time to
try it out.

Thanks
(In reply to comment #5)
> Ok, you are absolutely right. Marking this as a blocker. It really is one.
> 
> Short explanation: The core problem is that the marshalled buffers (containing
> printer/driver info) in v3-3-test are marshalled in exactly the same way
> windows marshalls them while marshalling is different in v3-4-test.
> 
> Longer explanation:
> 
> Assume the server sends a blob to the client with offered blob size.
> PIDL currently constructs that blob containing relative pointers like this:
> [offset1] [offset2] [offset3] [buffer1] [buffer2] [buffer3] [0,0... to fill up
> total offered blob size].
> 
> In order to make 64bits clients work again (as of
> http://msdn.microsoft.com/en-us/library/cc244870%28PROT.13%29.aspx#id31) PIDL
> needs to move all marshalled buffers to the *end* of the blob in *reverse*
> order.
> [offset1] [offset2] [offset3] [0,0... to fill up total offered blob size]
> [buffer3] [buffer2] [buffer1]
> 
> Metze and me were discussing ways to accomplish this and we need to solve this
> for v3-4-test and v3-5-test.
> 

------- Comment #7 From Björn Jacke 2010-02-17 09:01:36 CST -------
as it never worked in a 3.4 release this is a blocker for 3.5.0 but not for
3.4.6. Changing version tag accordingly.

------- Comment #8 From Karolin Seeger 2010-02-18 09:41:08 CST -------
Created an attachment (id=5382) [details]
Fixes from Günther and Metze (pushed to master)

------- Comment #9 From Guenther Deschner 2010-02-18 09:42:37 CST -------
(From update of attachment 5382 [details])
looks good :)

------- Comment #10 From Karolin Seeger 2010-02-18 09:50:01 CST -------
...but does not apply too v3-5-test... :-(

Applying: libndr: add ndr_push_relative_ptr2_start and
ndr_push_relative_ptr2_end.
error: patch failed: librpc/ndr/libndr.h:385
error: librpc/ndr/libndr.h: patch does not apply
Patch failed at 0001 libndr: add ndr_push_relative_ptr2_start and
ndr_push_relative_ptr2_end.

------- Comment #11 From Guenther Deschner 2010-02-18 19:49:58 CST -------
Created an attachment (id=5391) [details]
patch for 3.5

------- Comment #12 From Guenther Deschner 2010-02-18 20:55:54 CST -------
Created an attachment (id=5392) [details]
patch for 3.4

------- Comment #13 From Guenther Deschner 2010-02-18 20:57:07 CST -------
stefan, the memset still to be resolved though. easy reproducer: local
rpcclient enumports.

------- Comment #14 From Jeremy Allison 2010-02-18 22:38:45 CST -------
Wow - nice work, but BOY are we going to have to review this before 3.5.0 final
:-).

Thanks,

Jeremy.

------- Comment #15 From Guenther Deschner 2010-02-19 03:20:12 CST -------
Created an attachment (id=5397) [details]
patch for 3.4

adds 76aa37f653fec2d511921768381db7da661750cb

------- Comment #16 From Guenther Deschner 2010-02-19 03:21:11 CST -------
Created an attachment (id=5398) [details]
patch for 3.5

adds 76aa37f653fec2d511921768381db7da661750cb

------- Comment #17 From Stefan (metze) Metzmacher 2010-02-19 04:01:53 CST -------
(From update of attachment 5397 [details])
Looks good

------- Comment #18 From Stefan (metze) Metzmacher 2010-02-19 04:05:20 CST -------
(From update of attachment 5398 [details])
Looks good

------- Comment #19 From Stefan (metze) Metzmacher 2010-02-19 04:08:54 CST -------
Karolin, please pick into the release branches

------- Comment #20 From Karolin Seeger 2010-02-19 05:32:28 CST -------
Pushed to v3-4-test and v3-5-test.
Re-assigning to Günther.

------- Comment #21 From christoph beyer 2010-03-18 08:18:47 CST -------
Hi,

I just tried 3.5.1 and 64 bit windows 7 printing with a variety of drivers
(Rico, KonicaMinolta, HP). In the mmc the add driver stuff works fine for both
64 and 32 bit.

The driver do not show up in the 'advanced' tab of the printer options though.
I can assign them to a printer using 'rpcclient' on the samba box. They are
shown than for the individual rpinter  as expected and test page prints fine. 

The KM driver has some additional problems:

> "C:\....\mmc.exe
> Function adress 0xff38117a caused a protection fault (exception code
> 0xc000005) some or all properties pages may not be displayed"
> 
> In the samba logfile I see one error, don't now if it is realted though:
> 
> [2010/03/17 10:57:22.771269,  3] smbd/error.c:76(error_packet_set)
>   error packet at smbd/trans2.c(4130) cmd=50 (SMBtrans2)
> NT_STATUS_INVALID_LEVEL
> [2010/03/17 10:57:22.771592,  5] lib/util.c:617(show_msg)
> [2010/03/17 10:57:22.771727,  5] lib/util.c:620(show_msg)
>   size=35
>   smb_com=0x32
>   smb_rcls=72
>   smb_reh=1
>   smb_err=49152
>   smb_flg=136
>   smb_flg2=51203
>   smb_tid=1
>   smb_pid=1044
>   smb_uid=101
>   smb_mid=74
>   smt_wct=0
>   smb_bcc=0
> [2010/03/17 10:57:22.773226, 10]
> lib/util_sock.c:726(read_smb_length_return_keepalive)
>   got smb length of 224

cheers

christoph

Bug 6912 - net join password hashes
Bug#: 6912 Product:  Samba 3.3 Version: 3.3.9 Platform: x64
OS/Version: Solaris Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: tom.decooman@gmail.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: net join password hashes
Keywords:  
Opened: 2009-11-20 10:29 CST
Description:   Opened: 2009-11-20 10:29 CST
Hi,

Ran into some trouble joining a samba-3.3.9 into a domain. (PDC is samba with
ldap backend)
Server is an x86 running solaris10u8.
When performing 'net join', it returns 'Joined domain FILES.'
So looks ok, but when we try a simple smbclient list on the member, it failes
mentioning a trust problem in the client-log.
After some investigation it appears that the password hash for the machine is
not correct in ldap.
(dumped the local tdb of the member and hashed the password)
When replacing the machine pass in the ldap it works.

samba-3.3.8 works, beginning with 3.3.9 the hash isn't ok anymore.
We noticed that the first part of the has is ok, the last part isn't.
eg:
hash in ldap:
D5C6EC524F258B51424B5387A445107D

generated hash from passwd in secrets.tdb:
D5C6EC524F258B51DE43917CA0985BFC

Regards

------- Comment #1 From Tom De Cooman 2009-11-20 11:25:32 CST -------
bisect:



commit 41106eda6bce2dc7e70fea00f23071e0820d9a13
Author: Stefan Metzmacher <metze@samba.org>
Date:   Thu Aug 27 13:16:15 2009 +0200

    s3:netlogon: replace cred_hash3 by des_crypt112_16

    This makes sure we don't truncate the session key to 8 bytes
    Fixes bug #6664.            

    metze                       
    (cherry picked from commit 570a8cf5bb6924905b3ad20353d1e7b0ca087748)

diff --git a/source/rpc_client/cli_netlogon.c
b/source/rpc_client/cli_netlogon.c
index 23618ef..f2a260c 100644   
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -601,9 +601,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct
rpc_pipe_client *cli,

                struct samr_Password new_password;

-               cred_hash3(new_password.hash,
-                          new_trust_passwd_hash,
-                          cli->dc->sess_key, 1);
+               des_crypt112_16(new_password.hash,
+                               new_trust_passwd_hash,
+                               cli->dc->sess_key, 1);

                result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
                                                       cli->dc->remote_machine,
diff --git a/source/rpc_server/srv_netlog_nt.c
b/source/rpc_server/srv_netlog_nt.c
index dd49096..0c76c8e 100644   
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -669,8 +669,7 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
                return NT_STATUS_ACCOUNT_DISABLED;
        }                       

-       /* Woah - what does this to to the credential chain ? JRA */
-       cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
+       des_crypt112_16(pwd, r->in.new_password->hash, p->dc->sess_key, 0);

        DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
        for(i = 0; i < sizeof(pwd); i++)
(END) 







(In reply to comment #0)
> Hi,
> 
> Ran into some trouble joining a samba-3.3.9 into a domain. (PDC is samba with
> ldap backend)
> Server is an x86 running solaris10u8.
> When performing 'net join', it returns 'Joined domain FILES.'
> So looks ok, but when we try a simple smbclient list on the member, it failes
> mentioning a trust problem in the client-log.
> After some investigation it appears that the password hash for the machine is
> not correct in ldap.
> (dumped the local tdb of the member and hashed the password)
> When replacing the machine pass in the ldap it works.
> 
> samba-3.3.8 works, beginning with 3.3.9 the hash isn't ok anymore.
> We noticed that the first part of the has is ok, the last part isn't.
> eg:
> hash in ldap:
> D5C6EC524F258B51424B5387A445107D
> 
> generated hash from passwd in secrets.tdb:
> D5C6EC524F258B51DE43917CA0985BFC
> 
> Regards
> 

------- Comment #2 From Tom De Cooman 2009-11-25 07:16:44 CST -------
PDC is 3.0.26a-SerNet-Debian

------- Comment #3 From Stefan (metze) Metzmacher 2009-12-08 07:12:40 CST -------
the problem is that 3.0.26a is broken with 128Bit session keys.

This branch (based on v3-0-test) fixes most of the problems.
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v3-0-trust

Maybe also some patches from this branch (based on v3-0-24) are needed:
http://
gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v3-0-24-trust

Günther should we add a switch to disable 128Bit session keys,
that can be used against old samba versions.

Bug 7019 - Windows 7 failed to logon to Samba Domain. Credentials Check Failed
Bug#: 7019 Product:  Samba 3.4 Version: 3.4.3 Platform: x86
OS/Version: Windows 7 Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: koalay@gmail.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL:  http://docs.google.com/View?id=dctqhn37_188c2ghpgdq
Summary: Windows 7 failed to logon to Samba Domain. Credentials Check Failed
Keywords:  
Opened: 2010-01-04 05:01 CST
Description:   Opened: 2010-01-04 05:01 CST
I have a Samba domain of Windows XP.
I tried to have a new Windows 7 PC join the Samba domain.
And I failed to logon, as any account, on that PC.
It says that either my user name or password is incorrect.

I checked by log, and this seems to be related:
------------------------------
[2010/01/04 17:49:13,  2] libsmb/credentials.c:223(netlogon_creds_server_check)
  netlogon_creds_server_check: credentials check failed.
[2010/01/04 17:49:13,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
request from client CLIENT-PC machine account CLIENT-PC$
------------------------------


You can find the full per-machine log at the URL attached.

------- Comment #1 From Koala Yeung 2010-01-04 05:04:28 CST -------
Created an attachment (id=5116) [details]
per-machine log file show the error

To prevent Google Docs from failing us, I also attach the per-machine log-file
here.

------- Comment #2 From Andreas Matthus 2010-07-01 07:12:07 CST -------
Hallo,

have you change the registry on then windows 7 machine?:

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

Have you change the user over the button "other user" (or similary - i havn't a
english windows) to domain-users?

On my installations logon are possible, but in logfiles the error-messages was
similary: 
Rejecting auth request from client CLIENT-PC machine account CLIENT-PC$

I found out, that all machine-names use lower letters in /etc/passwd and
/var/lib/samba/passwd.tdb. If in /etc/passwd the same entry in uppercase the
errormessages disappears. So I create a workarround:

Frist create a file /usr/sbin/maschineadd:
#!/bin/bash
gross=$(echo $* | /usr/bin/tr a-z A-Z)
/usr/sbin/useradd -s /bin/false -d /dev/null -g 515 $gross

second change in smb.conf:
 add machine script = /usr/sbin/machineadd %u

Hint: You must have a group 515 (Domain-Computers).
Then delete the old entries in /etc/passwd and /var/lib/samba/passwd.tdb

pdbedit -x CLIENT-PC$
userdel CLIENT-PC$

and get domain-member from the client-pc-side. It should create the names in
capital letters and the error-message disappears. I hope your login-problem
too.

with regards
Andreas Matthus

------- Comment #3 From Berni Elbourn 2010-09-09 10:55:48 CST -------
Sorry to confirm that the add machine script work rounds here do not work here.

I actually had a windows 7 ultimate PC working in a Samba 3.4 domain earlier in
the year. As of this week profiles failed to load. 

The usual fix to remove all traces of the client in the domain and re-add the
client back into the domain are failing to create a valid machine account. This
is logged:

[2010/09/09 16:50:31,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
request from client W7 machine account W7$

As such none of the users can login to the Windows 7 client with these logs:

[2010/09/09 16:52:53,  1] smbd/service.c:1063(make_connection_snum)
  w7 (::ffff:192.168.2.106) connect to service profiles initially as user
elbournb (uid=1000, gid=100) (pid 14074)
[2010/09/09 16:52:53,  0] smbd/nttrans.c:2119(call_nt_transact_ioctl)
  call_nt_transact_ioctl(0x900eb): Currently not implemented.
[2010/09/09 16:52:53,  1] smbd/service.c:1063(make_connection_snum)
  w7 (::ffff:192.168.2.106) connect to service profiles initially as user w7$
(uid=1017, gid=1017) (pid 14074)
[2010/09/09 16:52:53,  1] smbd/vfs.c:932(check_reduced_name)
  reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
[2010/09/09 16:52:53,  1] smbd/vfs.c:932(check_reduced_name)
  reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
[2010/09/09 16:52:54,  1] smbd/service.c:1063(make_connection_snum)
  w7 (::ffff:192.168.2.106) connect to service elbournb initially as user
elbournb (uid=1000, gid=100) (pid 14074)
[2010/09/09 16:53:04,  1] smbd/service.c:1240(close_cnum)
  w7 (::ffff:192.168.2.106) closed connection to service profiles

Samba version is 3.4.8 from Debian backports.

Bug 7023 - unable to login when username is with underscore like b_user
Bug#: 7023 Product:  Samba 3.3 Version: 3.3.9 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: moshe010@gmail.com QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: unable to login when username is with underscore like b_user
Keywords:  
Opened: 2010-01-07 03:21 CST
Description:   Opened: 2010-01-07 03:21 CST
Hi moshe,

> My name is moshe and I am using samba  to join Active Directory.
>
> I am using samba 3.3.9 release on RedHat Server 5.3 OS.
> The Active Directory is on windows 2008 R2.
>
> I hope you can help with the issue:
>
> I am able to join the domain of the  Active Directory.
> also I am able to logging to the linux box if I define the  user in the
> Active Directory without
> underscore for example moshe.
>
> Until here everything is working great.
>
> The problem is if I define the user with underscore for example b_user
> Then I am not able to login.
> I get an error the the user don't exist although when I do wbinfo -u I can
> see him.
> It look like samba is not able to map uid when the usename is with
> underscore.
>
> I look in the release note for Samba 3.3.9 and it written that you fix the
>
> Fix trust relationships to windows 2008 (2008 r2)
>
>
> I just wonder if you encounter this issue.

No I haven't seen this, but be a bug then.

> Also how stable do you think samba to work with windows 2008 r2

I'm not aware of any problems with Samba >= 3.3.9 or >= 3.4.3

>
> I really appreciate it if you can help me with this issue.

In future please ask questions on samba@lists.samba.org and
file a bug at bugzilla.samba.org

Bug 7030 - buildfailure with 3.4.4
Bug#: 7030 Product:  Samba 3.4 Version: 3.4.4 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-qa@samba.org
Component: Build environment Target Milestone: ---
URL: 
Summary: buildfailure with 3.4.4
Keywords:  
Opened: 2010-01-12 07:26 CST
Description:   Opened: 2010-01-12 07:26 CST
14:13 < janr> hi
14:13 < janr> there seems to be some kind of mismerge on 3.4-test branch
14:14 < janr> source4/torture/rpc/spoolss.c uses "struct spoolss_StringArray2"
which isn't defined anymore
14:14 < janr> due to this I can't build samba 3.4.4 :(

------- Comment #1 From Jan Rękorajski 2010-01-12 07:36:41 CST -------
Exact error message:

Compiling samba-3.4.4/source3/../source4/torture/rpc/spoolss.c
samba-3.4.4/source3/../source4/torture/rpc/spoolss.c: In function
'test_printer_keys':
samba-3.4.4/source3/../source4/torture/rpc/spoolss.c:2100: error: storage size
of 'key_buffer' isn't known

Bug 7059 - wcache_invalidate_samlogon should not use lp_winbind_offline_logon()
Bug#: 7059 Product:  Samba 3.4 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: metze@samba.org QA Contact: samba-qa@samba.org
Component: Winbind Target Milestone: ---
URL: 
Summary: wcache_invalidate_samlogon should not use lp_winbind_offline_logon()
Keywords:  
Opened: 2010-01-25 11:41 CST
Description:   Opened: 2010-01-25 11:41 CST
wcache_invalidate_samlogon is only called directly before
netsamlogon_cache_store(), that's why it should not turn into
a noop with "winbind offile logon = yes", as the cached vales
in winbind_cache.tdb would hide the new netsamlogon_cache.tdb information.

Bug 7064 - Error "_spoolss_AddPrinterDriverEx: level 8 not yet implemented" when attempting to upload drivers on samba
Bug#: 7064 Product:  Samba 3.4 Version: 3.4.3 Platform: x86
OS/Version: Windows NT Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: didier.brison@ibis.ulaval.ca QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Error "_spoolss_AddPrinterDriverEx: level 8 not yet implemented" when attempting to upload drivers on samba
Keywords:  
Opened: 2010-01-26 09:07 CST
Description:   Opened: 2010-01-26 09:07 CST
From a Vista Home basic sp2 when I want to install a printer driver to Samba
server it start copying files and stop without any popup on the client.
Here is a part of my Syslog

Jan 25 19:27:57 toto smbd[13437]: [2010/01/25 19:27:57,  0]
rpc_server/srv_spoolss_nt.c:7646(_spoolss_AddPrinterDriver)
Jan 25 19:27:57 toto smbd[13437]:   _spoolss_AddPrinterDriverEx: level 8 not
yet implemented 
Jan 25 19:28:11 toto smbd[13437]: [2010/01/25 19:28:11,  1]
smbd/service.c:1226(close_cnum) 
Jan 25 19:28:11 toto smbd[13437]:   ibis-inf-2 (::ffff:132.203.160.8) closed
connection to service print$

Thanks for you help.

------- Comment #1 From Guenther Deschner 2010-01-26 09:35:59 CST -------
Ok, in case the windows clients attempts level 8 add (and fails) it will
fallback to level 6 add.

Are you seeing just this warning in the logs or is the addition of drivers
actually failing ?

------- Comment #2 From diedeer 2010-01-26 11:34:35 CST -------
It's just when I want to install printer driver from Vista to samba and it
appears in the syslog.
After that when I try to install the printer from samba to the Vista client I
receive this error popup "Windows cannot connect to the printer. Impossible to
terminate this operation (error 0x000006f7)" translated from french ;o).       

------- Comment #3 From diedeer 2010-01-26 14:57:18 CST -------
It's just when I want to install printer driver from Vista to samba and it
appears in the syslog.
After that when I try to install the printer from samba to the Vista client I
receive this error popup "Windows cannot connect to the printer. Impossible to
terminate this operation (error 0x000006f7)" translated from french ;o).       

------- Comment #4 From Guenther Deschner 2010-01-27 06:58:05 CST -------
Ah, ok, is this with 3.4.3 ?

It should be resolved with 3.4.4, can you please give the new samba release a
try ?

------- Comment #5 From Karolin Seeger 2010-02-09 07:16:40 CST -------
Lowering severity as we are waiting for feedback from the reporter and it
should be fixed 3.4.4 and newer.

------- Comment #6 From David Adam 2010-11-11 10:10:06 CST -------
I'm seeing this issue on 3.5.6.

[2010/11/12 00:06:01.782743,  0]
rpc_server/srv_spoolss_nt.c:7352(_spoolss_AddPrinterDriver)
  _spoolss_AddPrinterDriverEx: level 8 not yet implemented
[2010/11/12 00:06:01.810308,  0]
printing/nt_printing.c:1812(move_driver_file_to_download_area)
  move_driver_file_to_download_area: Unable to rename [x64/HPZLSLHN.DLL] to
[x64/3/HPZLSLHN.DLL]: NT_STATUS_NOT_SUPPORTED

Bug 7074 - "New Driver" button greyed out intermittently
Bug#: 7074 Product:  Samba 3.4 Version: 3.4.5 Platform: x64
OS/Version: Windows 7 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: bugzilla.samba@john.holmstadt.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: "New Driver" button greyed out intermittently
Keywords:  
Opened: 2010-01-28 16:14 CST
Description:   Opened: 2010-01-28 16:14 CST
Most of the time, I can't get the "New Driver" button to display in the
Advanced tab. However, once in a great while, given the right circumstances, I
can get it to be active. This worked fine in Samba 3.2, but now that I've
upgraded to 3.4, it's difficult to get a point-n-print driver installed.

Steps to reproduce:
- Open \\smbtest\
- View remote printers (Printers and Faxes)
- Right-click the printer, and select Properties
- Answer "No" to install driver
- Go to Advanced tab
- "New Driver" button is grey

Then sometimes, this works...
- Close the printer properties window
- Open \\172.16.1.197 (the IP of "smbtest" server)
- View remote printers (Printers and Faxes)
- Right-click the printer, and select Properties
- Answer "No" to install driver
- Go to Advanced tab
- "New Driver" button is active

Then, just like that, it's gone again...
- Close the printer properties window
- Right-click the printer, and select Properties
- Answer "No" to install driver
- Go to Advanced tab
- "New Driver" button is grey again


I will attach the log file for each of these 3 stages.

------- Comment #1 From John Holmstadt 2010-01-28 16:15:39 CST -------
Created an attachment (id=5238) [details]
Log for Stage 1: Not Working

------- Comment #2 From John Holmstadt 2010-01-28 16:16:09 CST -------
Created an attachment (id=5239) [details]
Log for Stage 2: Working

------- Comment #3 From John Holmstadt 2010-01-28 16:16:45 CST -------
Created an attachment (id=5240) [details]
Log for Stage 3: Not Working, Again

------- Comment #4 From John Holmstadt 2010-01-28 16:19:46 CST -------
I suppose I should also give some detail on my system:
kernel 2.6.31.12-174.2.3.fc12.x86_64
smbstatus -V: Version 3.4.5-53.fc12

------- Comment #5 From John Holmstadt 2010-01-28 16:23:42 CST -------
Created an attachment (id=5241) [details]
Output of "testparm"

------- Comment #6 From Guenther Deschner 2010-02-09 12:21:43 CST -------
Is the user that is connecting to that box member of BUILTIN\Administrators ?

Also, "printer admin = root, "@Domain Admins, @Print", Operators" has a weird
format.

Can you please upload a log level 10 logfile of a non working case ?

------- Comment #7 From Karolin Seeger 2010-03-24 10:31:18 CST -------
Might be related to bug #7255 ("printer admin" parameter does not work as
expected).

Does it work properly when you are "root" or the user has the
SePrintOperatorPrivilege assigned?

Bug 7077 - net ads join uses REALM instead of workgroup for #1C name lookup
Bug#: 7077 Product:  Samba 3.5 Version: 3.5.0rc1 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: metze@samba.org QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: net ads join uses REALM instead of workgroup for #1C name lookup
Keywords:  
Opened: 2010-01-29 05:12 CST
Description:   Opened: 2010-01-29 05:12 CST
I noticed this with 3.5.0rc1, but didn't have time to debug this.
A downgrade to 3.4.5 fixed it.

Bug 7094 - Samba 3.5.0 running in a VServer - invalid MAC Address
Bug#: 7094 Product:  Samba 3.6 Version: unspecified Platform: All
OS/Version: Linux Status: NEW Severity: minor Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: richard.lamboj@gmx.at QA Contact: samba-qa@samba.org
Component: Nmbd Target Milestone: ---
URL: 
Summary: Samba 3.5.0 running in a VServer - invalid MAC Address
Keywords:  
Opened: 2010-02-03 01:53 CST
Description:   Opened: 2010-02-03 01:53 CST
When i'am running "nbtstat -a server-name" and the Samba Deamon is running in
an Linux VServer than i will see a "invalid" MAC Address.

H:\>nbtstat -a server-test1

LAN-Verbindung:
Knoten-IP-Adresse: [192.168.10.68] Bereichskennung: []

      NetBIOS-Namentabelle des Remotecomputers

       Name               Typ          Status
    ---------------------------------------------
    SERVER-TEST1   <00>  EINDEUTIG   Registriert
    SERVER-TEST1   <03>  EINDEUTIG   Registriert
    SERVER-TEST1   <20>  EINDEUTIG   Registriert
    TEST1          <1E>  GRUPPE      Registriert
    TEST1          <00>  GRUPPE      Registriert

    MAC Adresse = 00-00-00-00-00-00

The Command should show the MAC Address of the Host System.

Bug 7171 - Problem adding Domain Group to Local Group in XP Pro
Bug#: 7171 Product:  Samba 3.4 Version: 3.4.2 Platform: x86
OS/Version: Windows XP Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: vscherbo@gmail.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Problem adding Domain Group to Local Group in XP Pro
Keywords:  
Opened: 2010-02-23 08:21 CST
Description:   Opened: 2010-02-23 08:21 CST
+++ This bug was initially created as a clone of Bug #324 +++

## Problem:
Cannot add a Domain Group to a Local Security Group in Windows XP Professional
SP3.

## Windows Error Message:
"Information returned from the object picker for object "Domain Users" was
incomplete.  The object will not be processed."

## Steps took to discovery:
1. Logged on to the workstation as a (Samba) Domain Admin.  
2. I clicked on the Local Group Object "Remote Desktop Users".  
3. Clicked "Add to Group" to add a User Object to this Local Group Object. 
4. Clicked "Advanced" and "Find Now" to browse Domain Objects
5. Selected desiered Domain Group (Domain Users) then clicked "OK"
6. Updated field now shows Object as "DOMAINNAME\Domain Users"
7. Clicked "OK"
8. Received error message stated above.

## Changes made to WindowsXP Pro workstation:
1. These Registry keys: 
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
quiresignorseal = 0)
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
quirestrongkey = 0)

## Additional Information:
1. The Samba3.4.2 (samba-3.4.2-47.fc12.i686) Server is the only PDC on the
network and is a WINS server
2. I am using OpenLDAP 2.4.18 (openldap-2.4.18-5.fc12.i686) for authentication
2. The machine has a working trust account on the Samba Server.
3. The DOMAINNAME\Domain Admins Object was added to the Local Administrators
Group Object when the workstation joined the domain
4. The DOMAINNAME\Domain Users Object was added to the Local Users Group Object
when the workstation joined the domain

Thank you!

Bug 7238 - Users with SeMachineAccountPrivilege right are able to change users and groups accounts
Bug#: 7238 Product:  Samba 3.3 Version: 3.3.4 Platform: PPC
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: segfault@core-dumped.org QA Contact: samba-qa@samba.org
Component: User & Group Accounts Target Milestone: ---
URL: 
Summary: Users with SeMachineAccountPrivilege right are able to change users and groups accounts
Keywords:  
Opened: 2010-03-11 06:38 CST
Description:   Opened: 2010-03-11 06:38 CST
Users with SeMachineAccountPrivilege right are able to change users and groups
accounts

Using samba-3.3.4-0.1.146 on PPC SLES10.

------- Comment #1 From Volker Lendecke 2010-03-11 07:02:56 CST -------
Can you please upload your smb.conf together with a debug level 10 log of smbd
doing an operation that it should have denied?

Thanks,

Volker

------- Comment #2 From Guenther Deschner 2010-03-11 07:35:02 CST -------
Volker, I remember that we worked (hopefully fixed) exactly this during the
samr cleanup for 3.4.

------- Comment #3 From Volker Lendecke 2010-03-11 07:54:24 CST -------
Ok, you're the boss here :-)

Volker

------- Comment #4 From Guenther Deschner 2010-03-12 07:21:07 CST -------
Do you have a chance to use a recent 3.4 release ? There have been quite some
fixes in the area of these access checks that should resolve your issue. 

There won't be a new 3.3.x release as this is a discontinued series, so no
backports for these access checks are available right now. 

------- Comment #5 From Carlos Eduardo Pedroza Santiviago 2010-03-18 09:21:30 CST -------
I've upgraded to 3.5.1 and will look into this.

Bug 7245 - Interdomain Trust Relation between MS and Samba
Bug#: 7245 Product:  Samba 3.6 Version: unspecified Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: a.goro@change-cit.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Interdomain Trust Relation between MS and Samba
Keywords:  
Opened: 2010-03-13 04:12 CST
Description:   Opened: 2010-03-13 04:12 CST
After creating a Samba PDC and integrating it with LDAP ( also using
smbldap-tools ), the linux machine is able to establish a 2way trust with other
linux machines that are set to do so. but when trying to establish a connection
to a MS AD the AD Server refuses this connection and ( in Security Events )
shows that there is no such user ( LSErver$ ) which is the Linux machine name.
the other way of the trust is working fine.

It is obvious that this is a MS problem and something needs to be done of the
AD server , BUT WHAT ? , when i try to add a user to the MS AD it tells me that
the user already exist ( though it doesnt appear to be anywhere ) i tried
everything on the net , and nothing appears to work.

I susspect that something needs to be modified in the MS registry but i wouldnt
know.

Bug 7258 - NULL pointer derref crash in _winreg_QueryValue
Bug#: 7258 Product:  Samba 3.5 Version: 3.5.0 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: gd@samba.org QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: NULL pointer derref crash in _winreg_QueryValue
Keywords:  
Opened: 2010-03-17 06:10 CST
Description:   Opened: 2010-03-17 06:10 CST
There is a NULL pointer derref crash hanging out in _winreg_QueryValue.

Fixed (and tested) in master.

------- Comment #1 From Guenther Deschner 2010-03-17 06:11:01 CST -------
Created an attachment (id=5506) [details]
patch for 3.5

------- Comment #2 From Jeremy Allison 2010-03-17 11:55:16 CST -------
(From update of attachment 5506 [details])
Looks good to me.

------- Comment #3 From Michael Adam 2010-03-17 17:38:11 CST -------
(From update of attachment 5506 [details])
Looks reasonable to me.
Hopefully, I understand enough if idl, to justify my review flag... :-)

------- Comment #4 From Guenther Deschner 2010-03-18 04:39:25 CST -------
Karolin, please add to 3.5
(3.4 patch to follow...)

------- Comment #5 From Karolin Seeger 2010-03-18 05:32:15 CST -------
(In reply to comment #4)
> Karolin, please add to 3.5
> (3.4 patch to follow...)
> 

Pushed to v3-5-test.
Re-assiging to Günther.

Bug 7262 - Unable to maintain users' groups via UsrMgr
Bug#: 7262 Product:  Samba 3.5 Version: 3.5.4 Platform: Other
OS/Version: Linux Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: segfault@core-dumped.org QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Unable to maintain users' groups via UsrMgr
Keywords:  
Opened: 2010-03-18 09:23 CST
Description:   Opened: 2010-03-18 09:23 CST
We've just upgraded to Samba 3.5.1 (Samba version 3.5.1-2332-SUSE-CODE10). Our
operators use UsrMgr to manage user and groups accounts.

However, after upgrading to 3.5.1, they're unable to manage the user groups
when they select the user to be managed.

If they first select the group, and then add the users to it, it works.

------- Comment #1 From Guenther Deschner 2010-03-18 14:17:33 CST -------
ok, a bit more information about your config (ldap backend?) would be helpful.

------- Comment #2 From Carlos Eduardo Pedroza Santiviago 2010-03-18 18:59:29 CST -------
OK! Sorry for the delay.

I am using OpenLDAP (2.3as backend. I'm attaching here the level 10 output from
the moment i select the user, and then click in Groups inside his profile,
while using UsrMgr.

------- Comment #3 From Carlos Eduardo Pedroza Santiviago 2010-03-18 19:00:07 CST -------
Created an attachment (id=5510) [details]
Level 10 log 

------- Comment #4 From Carlos Eduardo Pedroza Santiviago 2010-03-18 19:01:05 CST -------
Also, i forgot to mention that i downgraded to 3.4.7, using src rpm from SerNet
build, on SLES10. However, the error persists. 

------- Comment #5 From Karolin Seeger 2010-06-10 08:33:14 CST -------
Created an attachment (id=5788) [details]
Proposed patch created by Volker

------- Comment #6 From Karolin Seeger 2010-06-10 08:33:46 CST -------
Volker's patch fixed this issue in my setup.

------- Comment #7 From Michael Adam 2010-06-10 09:02:45 CST -------
(From update of attachment 5788 [details])
This looks good!

------- Comment #8 From Karolin Seeger 2010-06-10 09:13:55 CST -------
Pushed to v3-5-test, testing v3-4-test now...

------- Comment #9 From Karolin Seeger 2010-06-10 09:26:29 CST -------
Works in v3-4-test also. Pushed.
Closing out bug report.

Thanks!

------- Comment #10 From Björn Jacke 2010-06-30 05:28:14 CST -------
probably this patch breaks paged searches from 3.5.3 to 3.5.4. The second ldap
search is done with search cookie and new page size size 0.

Noticable is the bug also in "pdbedit -L" which stops after the number of "ldap
page size" entries with the message

"no talloc stackframe around, leaking memory"

------- Comment #11 From Karolin Seeger 2010-07-05 00:39:24 CST -------
Volker, can you confirm that this issue is caused by the patch?
Should we revert the patch or is an additional patch needed?

Thanks!

------- Comment #12 From Volker Lendecke 2010-07-05 00:43:46 CST -------
Karolin, I am very sorry but I can not confirm this at this moment. Björn has
promised to install a reproducing environment so that we can both see this. It
should be easy to figure out: Just install an LDAP server with a large number
of users and try pdbedit -L. Then try to reproduce this bug with and without
the patch in question. This should pretty quickly show if that patch is the
cause of the bug.

Volker

------- Comment #13 From Björn Jacke 2010-07-05 08:12:00 CST -------
the problem is reproduced. The fix from attachment 5788 [details] causes the bug.

------- Comment #14 From Carlos Eduardo Pedroza Santiviago 2010-07-05 08:32:47 CST -------
Hi, i'd just like to comment that in my previous setup, the problem was solved
after changing the sambaGroupType from "5" to "4" of the builtin groups. 

I wasn't able to issue the command "net sam list bultin" which always gave me
errors.

IIRC it was created by an old smbldap-tools package, and after changing that
UsrMgr worked like a charm.

------- Comment #15 From Volker Lendecke 2010-07-06 09:58:15 CST -------
Created an attachment (id=5829) [details]
Patch for master/3.5

------- Comment #16 From Volker Lendecke 2010-07-06 09:59:07 CST -------
Björn, can you test the bug and the paged results are both fixed with this
bug? If so, please push to master.

Thanks,

Volker

------- Comment #17 From Björn Jacke 2010-07-06 10:39:44 CST -------
(From update of attachment 5829 [details])
thanks, works for me and pushed to master. Günther, can you please also review
for the 3.5 cherry pick?

------- Comment #18 From Guenther Deschner 2010-08-16 06:17:55 CST -------
(In reply to comment #17)
> (From update of attachment 5829 [details] [details])
> thanks, works for me and pushed to master. Günther, can you please also review
> for the 3.5 cherry pick?

hm, no actually :)

one thing I notice is that now, with that patch in master, setting for example
"ldap page size = 2", will cause pdbedit -L to run into an infinite loop while
with 3.5.4 this still works.

I guess we need to investigate further here.

------- Comment #19 From Björn Jacke 2010-08-24 11:53:58 CST -------
Günther, this patch fixes paged searches with OpenLDAP libraries and server.
Without this patch any setup with LDAP involved and more than 1000 users or
groups is broken. We need the fix urgently, as the current stable 3.5 release
is affected by that and people keep bumping into it. Can you see what aspect of
this patch is breaking your 389 server setup?

------- Comment #20 From Karolin Seeger 2010-10-06 14:33:59 CST -------
Günther, is this one a showstopper for Samba 3.5.6 (scheduled for Friday)?

------- Comment #21 From Björn Jacke 2010-10-07 07:42:32 CST -------
there is too little progress here, we need a new 3.5 release, this bug may not
block it. Lowering severity to critical.

As it seems to be problem with OpenLDAP *without* Volker's patch and according
to Günthers tests a problem for DS389 *with* the patch package distributors
may or may not apply Volker's fix to their binary packages as an aditional
patch.

------- Comment #22 From Guenther Deschner 2010-10-07 13:42:17 CST -------
This is weird, when I choose a small "ldap page size" (of num_users - 1), it
loops in our smbldap paged results code, while "ldapsearch -Epr" works fine.

I guess fixing the memleak first and looking at the paged results code later is
what we should do.

------- Comment #23 From Guenther Deschner 2010-10-07 13:42:44 CST -------
(From update of attachment 5829 [details])
patch looks good

------- Comment #24 From Guenther Deschner 2010-10-07 13:43:30 CST -------
Karolin, please pick to 3.5.

------- Comment #25 From Karolin Seeger 2010-12-31 13:09:59 CST -------
(In reply to comment #24)
> Karolin, please pick to 3.5.
> 

Pushed.

------- Comment #26 From Karolin Seeger 2010-12-31 13:11:01 CST -------
(In reply to comment #22)
> This is weird, when I choose a small "ldap page size" (of num_users - 1), it
> loops in our smbldap paged results code, while "ldapsearch -Epr" works fine.
> 
> I guess fixing the memleak first and looking at the paged results code later is
> what we should do.
> 

Günther, can we close this bug report or is it still an issue?

Bug 7264 - rpcclient setprinterdriver not working if - in printername
Bug#: 7264 Product:  Samba 3.4 Version: 3.4.7 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: mester@freemail.hu QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: rpcclient setprinterdriver not working if - in printername
Keywords:  
Opened: 2010-03-18 18:22 CST
Description:   Opened: 2010-03-18 18:22 CST
Hi,

I have a Samba 3.4.7 PDC server under Debian Lenny. Everything was fine with
Sambs 3.2.5 but I needed a newer one since I need to log in Win7 machines.

After updating to 3.4.7 cupsaddsmb was not working anymore. At the last step
(rpcclient setprinterdriver x y) if gave "WERR_INVALID_PARAM" error message.

After hours of trying everything and googling I finally found the solution: I
recreated the printer under CUPS but now without any - sign in the printername
(the old one was SamsungML-3051N and the new one is SamsungML3051N). Every
other settings are exactly the same.

And voi la cupsaddsmb runs without any problem and the XP Prof. SP3 clients can
download the printer driver from the Samba server.

It would be usefull if - sign works in the printer name or at least cupsaddsmb
gives and exclamation about it.

Bug 7303 - point and print printer dowload is not happening in windows xp and 2k3
Bug#: 7303 Product:  Samba 3.4 Version: 3.4.1 Platform: Other
OS/Version: Windows XP Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: suresh.udipi@wipro.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: point and print printer dowload is not happening in windows xp and 2k3
Keywords:  
Opened: 2010-03-28 14:21 CST
Description:   Opened: 2010-03-28 14:21 CST
I have installed 3.4.1 and uploaded PS3 drivers (point and print)using
rpcclient. When I try to download it on XP /2k3 , I get an error stating that
"XXX Driver is not installed properly". The same setup works fine in 2k
Machine. I have also tried with version above 3.4 (3.4.0/3.4.1/3.4.5)still I
get the same error "Driver not installed properly"

------- Comment #1 From suresh 2010-03-28 14:24:32 CST -------
Created an attachment (id=5556) [details]
Log10 file while download the driver in xp

I could not find any issues from the log.

Bug 7358 - Problems with newly joined clients!
Bug#: 7358 Product:  Samba 3.5 Version: 3.5.2 Platform: Other
OS/Version: Windows NT Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: Bartlomiej.Solarz-Niesluchowski@wit.edu.pl QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Problems with newly joined clients!
Keywords:  
Opened: 2010-04-14 06:38 CST
Description:   Opened: 2010-04-14 06:38 CST
After upgrading samba on PDC from version 3.4.x (3.4.6) to version 3.5.2 we
have founded problems with newly joinde clients.

If we join client (Vista SP2) into domain when samba was at version 3.5.2 we
can not log into client error code on MS side was "The RPC Server is
Unavailable". The rest of the client which are joined before changing samba
3.5.2 working correctly

After downgrading to samba 3.4.7 everything working correctly.

Sorry for not attaching log but if i put level 10 (it is BUSY server) I cannot
filter important data.....

PS-I checked this BUG on TWO independent clients....

------- Comment #1 From Guenther Deschner 2010-05-27 05:30:38 CST -------
Can you please provide a little more data ? A network caputure of that failure
would be really helpful, see http://wiki.samba.org/index.php/Capture_Packets
for details. Thanks.

Bug 7361 - 'Printing Defaults' driver option disappear after v3.3->v3.5 upgrade
Bug#: 7361 Product:  Samba 3.5 Version: 3.5.2 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: ryan.suarez@sheridanc.on.ca QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: 'Printing Defaults' driver option disappear after v3.3->v3.5 upgrade
Keywords:  
Opened: 2010-04-14 14:32 CST
Description:   Opened: 2010-04-14 14:32 CST
Running samba v3.3.9 on debian lenny to serve 300 printers to windows clients
(point and print).  Drivers are installed on the server using APW from windows
client.  After upgrade to v3.5.2 the 'Printing Defaults' button dissapear from
all the queues:
http://it.sheridanc.on.ca/support/missing-defaults.jpg

If I upload a new driver to the server and apply and close the window then the
"Printer Defaults" button shows again:
http://it.sheridanc.on.ca/support/with-defaults.jpg

However, this button will eventually disappear after opening/closing the driver
properties window a few times.

If I downgrade to v3.3.12 then the problem fixed.  This problem is
reproducible.

------- Comment #1 From Marc Muehlfeld 2010-05-05 05:31:37 CST -------
This sounds similar to my printer problems remaining in Bug ID #6727 after GD
made a patch that got included in 3.5.2.

Bug 7367 - Smbd core dump when trying upload printer drivers on server
Bug#: 7367 Product:  Samba 3.5 Version: 3.5.2 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: cat666@inbox.ru QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Smbd core dump when trying upload printer drivers on server
Keywords:  
Opened: 2010-04-16 12:05 CST
Description:   Opened: 2010-04-16 12:05 CST
[2010/04/12 00:14:23.304430,  0] lib/fault.c:50(fault_report)
  ===============================================================
[2010/04/12 00:14:23.304439,  0] lib/util.c:1465(smb_panic)
  PANIC (pid 30446): internal error
[2010/04/12 00:14:23.306294,  0] lib/util.c:1569(log_stack_trace)
  BACKTRACE: 26 stack frames:
   #0 smbd(log_stack_trace+0x2d) [0xb727fdc1]
   #1 smbd(smb_panic+0x78) [0xb727ff0e]
   #2 smbd [0xb726f3e8]
   #3 [0xffffe400]
   #4 smbd(clean_up_driver_struct+0xa1) [0xb72baee6]
   #5 smbd(_spoolss_AddPrinterDriver+0x15a) [0xb71b65c4]
   #6 smbd(_spoolss_AddPrinterDriverEx+0x4c) [0xb71b6b26]
   #7 smbd [0xb71c6e11]
   #8 smbd(api_pipe_request+0x413) [0xb7206e71]
   #9 smbd [0xb7200b77]
   #10 smbd(np_write_send+0x112) [0xb7201417]
   #11 smbd [0xb6fede19]
   #12 smbd [0xb6fee44b]
   #13 smbd(reply_trans+0x718) [0xb6fef033]
   #14 smbd [0xb704d4e2]
   #15 smbd [0xb704fe22]
   #16 smbd [0xb705067d]
   #17 smbd(run_events+0x1e8) [0xb728f952]
   #18 smbd(smbd_process+0x97b) [0xb704fb1c]
   #19 smbd [0xb75e72f5]
   #20 smbd(run_events+0x1e8) [0xb728f952]
   #21 smbd [0xb728fbfc]
   #22 smbd(_tevent_loop_once+0x9e) [0xb729014c]
   #23 smbd(main+0x11e6) [0xb75e86c3]
   #24 /lib/libc.so.6(__libc_start_main+0xe6) [0xb6cd335e]
   #25 smbd [0xb6fd01d1]
[2010/04/12 00:14:23.306422,  0] lib/fault.c:326(dump_core)
  dumping core in /var/log/samba/cores/smbd

------- Comment #1 From Guenther Deschner 2010-05-10 07:19:10 CST -------
Could you please provide a network trace / log.smbd level 10 of that operation
?

------- Comment #2 From cat666 2010-05-10 10:41:27 CST -------
Created an attachment (id=5692) [details]
smbd -d 10 log

------- Comment #3 From Guenther Deschner 2010-05-27 05:33:09 CST -------
Hm, no coredump visible in that logfile. Can you please retry to reproduce that
issue ? Also, a network capture
(http://wiki.samba.org/index.php/Capture_Packets) of that failure would be
helpful. Thanks.

Bug 7371 - smbd seg faults when windows client tries to print
Bug#: 7371 Product:  Samba 3.4 Version: 3.4.5 Platform: x86
OS/Version: FreeBSD Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: phil@weballey.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: smbd seg faults when windows client tries to print
Keywords:  
Opened: 2010-04-19 14:06 CST
Description:   Opened: 2010-04-19 14:06 CST
Using FreeBSD 8.0, Samba 3.4.5 freshly compiled out of the ports. (Everything
is working correctly at 3.0.37, so I think the OS stuff is setup and working
correctly).

Trying to setup the print driver auto downloads. Upload the drivers correctly
and touch the printing defaults to validate the tdb entries. Then on Windows
client, add the new printer queue and try to print test page. I get the test
print failed dialog box, and this in my /var/log/messages:

Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/fault.c:50(fault_report)
Apr 18 16:25:08 mail smbd[96641]:  
===============================================================
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/fault.c:51(fault_report)
Apr 18 16:25:08 mail smbd[96641]:   INTERNAL ERROR: Signal 11 in pid 96641
(3.4.5)
Apr 18 16:25:08 mail smbd[96641]:   Please read the Trouble-Shooting section of
the Samba3-HOWTO
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/fault.c:53(fault_report)
Apr 18 16:25:08 mail smbd[96641]:   
Apr 18 16:25:08 mail smbd[96641]:   From:
http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/fault.c:54(fault_report)
Apr 18 16:25:08 mail smbd[96641]:  
===============================================================
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/util.c:1480(smb_panic)
Apr 18 16:25:08 mail smbd[96641]:   PANIC (pid 96641): internal error
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/util.c:1584(log_stack_trace)
Apr 18 16:25:08 mail smbd[96641]:   BACKTRACE: 21 stack frames:
Apr 18 16:25:08 mail smbd[96641]:    #0 0x12eff0d <smb_panic+93> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #1 0x12dda8f <dump_core_setup+2511> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #2 0xbfbfffb4
Apr 18 16:25:08 mail smbd[96641]:    #3 0x123ded7 <rpc_spoolss_init+16647> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #4 0x127a1c0 <api_pipe_request+896> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #5 0x12734e2 <np_read_send+6274> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #6 0x1273c15 <np_write_send+1781> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #7 0x109c5de <send_trans_reply+2670> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #8 0x109cbf1 <send_trans_reply+4225> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #9 0x109d618 <reply_trans+1464> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #10 0x10f904e
<remove_deferred_open_smb_message+1854> at /usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #11 0x10fba00 <chain_reply+1472> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #12 0x10fbd30 <chain_reply+2288> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #13 0x12ffb51 <run_events+385> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #14 0x10fb208 <smbd_process+1784> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #15 0x15b2bbc <main+5452> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #16 0x12ffb51 <run_events+385> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #17 0x12ffd7e
<event_add_to_select_args+526> at /usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #18 0x1300395 <_tevent_loop_once+149> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #19 0x15b27c7 <main+4439> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]:    #20 0x107e549 <_start+137> at
/usr/local/sbin/smbd
Apr 18 16:25:08 mail smbd[96641]: [2010/04/18 16:25:08,  0]
lib/fault.c:370(dump_core)
Apr 18 16:25:08 mail smbd[96641]:   dumping core in /var/log/samba34/cores/smbd
Apr 18 16:25:08 mail kernel: pid 96641 (smbd), uid 0: exited on signal 6
Apr 18 16:25:08 mail smbd[96641]: 

Everytime I hit the print test page, it drops core.

------- Comment #1 From Guenther Deschner 2010-06-07 07:43:30 CST -------
Can you please try with the latest bugfix release of the 3.4.x series ? There
have been many fixes around printing.

Bug 7377 - Windows 7 control-panel -> Printers and Faxes Hang
Bug#: 7377 Product:  Samba 3.4 Version: 3.4.5 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: Luc.Lalonde@polymtl.ca QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Windows 7 control-panel -> Printers and Faxes Hang
Keywords:  
Opened: 2010-04-20 12:22 CST
Description:   Opened: 2010-04-20 12:22 CST
Users are not able to view available Printers from Control-Panel (Printers and
Faxes)

Extra details:
- 32bit Windows 7 Enterprise
- member of a Samba 3.4.5 Samba-PDC

I've deactivated printing:

[global]
load printers = No
printing = cups
disable spollss = Yes
show add printer wizard = No

------- Comment #1 From Luc Lalonde 2010-04-20 12:42:44 CST -------
Created an attachment (id=5641) [details]
What a user sees when he/she tries to see the available printers

The attachment shows the green progress bar atop the 'Printers and Faxes'
window that seems to be searching forever without finding available peripherals
listing.

This problem is only present for a Samba-PDC user... If I logon as a local
machine user I do not get this problem.

------- Comment #2 From Guenther Deschner 2010-05-10 07:22:26 CST -------
Can you please provide a network caputure while this is happening ?

------- Comment #3 From Luc Lalonde 2010-05-10 09:46:41 CST -------
Created an attachment (id=5691) [details]
Requested network capture

Here you go... I captured the network traffic using Wireshark while I made
several attempts at seeing 'printers and peripherals'...

Bug 7432 - Resolver only tries to resolve IPv4 address when looking for the DC
Bug#: 7432 Product:  Samba 3.6 Version: unspecified Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: kai@samba.org QA Contact: samba-qa@samba.org
Component: Client Tools Target Milestone: ---
URL: 
Summary: Resolver only tries to resolve IPv4 address when looking for the DC
Keywords:  
Opened: 2010-05-18 04:27 CST
Description:   Opened: 2010-05-18 04:27 CST
When trying to net ads join a current master s3 server to a win2k8r2 on an
IPv6-only network, net tries to look up the domain controller. win2k8r2 replies
to the DNS SRV query with the IPv6 address of the DC in the "additional data"
field. net ignores that information and subsequently tries to look up the A
record of the DC's hostname. On an IPv6-only network, this obviously fails.

------- Comment #1 From Guenther Deschner 2010-05-18 09:50:25 CST -------
Oddly, this is nicely working on Fedora12 on RHEL6 beta.

Kai, you were seeing this on two Ubuntu versions, right ?

------- Comment #2 From Kai Blin 2010-05-18 10:09:22 CST -------
I'm seeing that on Ubuntu 10.04 for sure, I'll have to look up the version of
Ununtu the other VM is using once I get home. I'm certain that was pre-10.04,
I'm just not sure if it's an 8.04 or 9.04.

Bug 7444 - nt_printer_publish and check_published_printers should release krb5 cache override
Bug#: 7444 Product:  Samba 3.5 Version: 3.5.3 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: mark@la-croix.net QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: nt_printer_publish and check_published_printers should release krb5 cache override
Keywords:  
Opened: 2010-05-20 10:57 CST
Description:   Opened: 2010-05-20 10:57 CST
The kerberos code in the nt_printer_publish and check_published_printers
routines in source3/printing/nt_printing.c make the following call:

setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1)

This overrides the library default kerberos cache for the process (for linux,
/tmp/krb5cc_<uid>).  If another routine relies on default kerberos cache
settings (e.g. nss_ldap), this causes problems.

This can be resolved by calling unsetenv(KRB5_ENV_CCNAME) before exiting the
nt_printer_publish and check_published_printers routines.

Bug 7459 - after upgrade to samba 3.4 and 3.5 lose ability to control duplex for normal domain user
Bug#: 7459 Product:  Samba 3.5 Version: 3.5.3 Platform: x64
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: alessandro.bono@gmail.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: after upgrade to samba 3.4 and 3.5 lose ability to control duplex for normal domain user
Keywords:  
Opened: 2010-05-26 16:44 CST
Description:   Opened: 2010-05-26 16:44 CST
Hi

I upgrade a server from samba 3.3.9 to 3.5.3 but users not present in Print
Operators group can't use duplex options, same problem with 3.4
Print Operators has write permission on [print] share and
SePrintOperatorPrivilege right

server is a xen vm with ubuntu hardy 64bit
clients are windows xp pro 32bit and vista pro 64bit
printer is a Minolta di251 with driver from official site

by now I have added all users on Print Operators group but it's not a good
solution

tell me if you need other info

------- Comment #1 From Guenther Deschner 2010-06-08 05:20:13 CST -------
What do you mean with "can't use", are they not visible, not selectable, don't
store ?

Please describe exactly the steps to reproduce.

Thanks.

------- Comment #2 From Alessandro Bono 2010-06-15 08:06:42 CST -------
Hi Guenther

duplex setting is not selectable for user because duplex unit result not
installed, to reproduce install driver 

http://download6.konicaminolta.eu/konmin/servlet/KonMinMaster?path=../attachment.jsp&mode=load&id=412568A3004F27104723F0AF83937878C1256D8D004DD0D5&filename=Pi3502PCL6Win2000WinXP_1012i.exe

and on server add "duplex unit" to the "available option" on last tab
(peripheral options)
with 3.3 means in duplex ability for all users, with 3.5 this informationm is
lost

I tried to install driver to a clean 3.5.3 but upload driver fails and on samba
log I found this message

  solidworks (10.153.1.244) connect to service print$ initially as user root
(uid=0, gid=0) (pid 13581)
[2010/06/15 14:43:02.227000,  0] lib/fault.c:46(fault_report)
  ===============================================================
[2010/06/15 14:43:02.227067,  0] lib/fault.c:47(fault_report)
  INTERNAL ERROR: Signal 11 in pid 13581 (3.5.3)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2010/06/15 14:43:02.227092,  0] lib/fault.c:49(fault_report)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2010/06/15 14:43:02.227109,  0] lib/fault.c:50(fault_report)
  ===============================================================
[2010/06/15 14:43:02.227125,  0] lib/util.c:1465(smb_panic)
  PANIC (pid 13581): internal error
[2010/06/15 14:43:02.302396,  0] lib/util.c:1569(log_stack_trace)
  BACKTRACE: 29 stack frames:
   #0 smbd(log_stack_trace+0x1a) [0x7f294657ec9a]
   #1 smbd(smb_panic+0x1f) [0x7f294657ed5f]
   #2 smbd(+0x37364d) [0x7f294656e64d]
   #3 /lib/libc.so.6(+0x33af0) [0x7f2943625af0]
   #4 /lib/libc.so.6(+0x84aea) [0x7f2943676aea]
   #5 smbd(+0x3b7ec5) [0x7f29465b2ec5]
   #6 smbd(clean_up_driver_struct+0x55) [0x7f29465b3045]
   #7 smbd(_spoolss_AddPrinterDriver+0xc8) [0x7f29464c1ee8]
   #8 smbd(_spoolss_AddPrinterDriverEx+0x30) [0x7f29464c2440]
   #9 smbd(+0x2d7cd6) [0x7f29464d2cd6]
   #10 smbd(+0x314b42) [0x7f294650fb42]
   #11 smbd(api_pipe_request+0x190) [0x7f2946510270]
   #12 smbd(+0x30e4de) [0x7f29465094de]
   #13 smbd(np_write_send+0x588) [0x7f2946509ab8]
   #14 smbd(+0x118839) [0x7f2946313839]
   #15 smbd(+0x118acb) [0x7f2946313acb]
   #16 smbd(reply_trans+0x642) [0x7f2946314902]
   #17 smbd(+0x17a877) [0x7f2946375877]
   #18 smbd(+0x17ac17) [0x7f2946375c17]
   #19 smbd(+0x17b16d) [0x7f294637616d]
   #20 smbd(run_events+0x1b2) [0x7f294658e742]
   #21 smbd(smbd_process+0x750) [0x7f2946374e50]
   #22 smbd(+0x67f38e) [0x7f294687a38e]
   #23 smbd(run_events+0x1b2) [0x7f294658e742]
   #24 smbd(+0x3939f1) [0x7f294658e9f1]
   #25 smbd(_tevent_loop_once+0x90) [0x7f294658edd0]
   #26 smbd(main+0xb03) [0x7f294687b073]
   #27 /lib/libc.so.6(__libc_start_main+0xfd) [0x7f2943610c4d]
   #28 smbd(+0xfcce9) [0x7f29462f7ce9]
[2010/06/15 14:43:02.302599,  0] lib/util.c:1470(smb_panic)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 13581]
[2010/06/15 14:43:02.334847,  0] lib/util.c:1478(smb_panic)
  smb_panic(): action returned status 0
[2010/06/15 14:43:02.335111,  0] lib/fault.c:326(dump_core)
  dumping core in /var/log/samba/cores/smbd
[2010/06/15 14:43:02.781618,  1] smbd/service.c:1069(make_connection_snum)
  solidworks (10.153.1.244) connect to service print$ initially as user root
(uid=0, gid=0) (pid 13585)
[2010/06/15 14:43:06.493030,  1] smbd/service.c:1250(close_cnum)
  solidworks (10.153.1.244) closed connection to service print$


btw with 3.3.x I can create a default configuration but client not receive this
information

thanks for your support

------- Comment #3 From Guenther Deschner 2010-06-16 04:52:17 CST -------
Created an attachment (id=5792) [details]
v3-5-test patch

for the driver re-install, can you check if that patch fixes it ?

------- Comment #4 From Andreas Schneider 2010-06-16 04:58:55 CST -------
The patch looks fine.

------- Comment #5 From Guenther Deschner 2010-06-16 05:32:42 CST -------
Karolin, please pick for v3-5-test and leave bug open.

------- Comment #6 From Karolin Seeger 2010-06-16 08:54:19 CST -------
(In reply to comment #5)
> Karolin, please pick for v3-5-test and leave bug open.
> 

Pushed to v3-5-test.
Reassigning to Günther.

------- Comment #7 From Alessandro Bono 2010-06-16 11:26:02 CST -------
I can confirm crash fixed with patch applied

thanks

------- Comment #8 From Marc Muehlfeld 2010-12-08 09:27:10 CST -------
This sounds similar to the problem I have since 3.4 till now:
https://bugzilla.samba.org/show_bug.cgi?id=7679

Configured driver options are not available for normal users any more. But in
3.5.6 (the last version I had tested) it wasn't fixed. 

Bug 7480 - Error in cli_Net* - wrong string params fetching from packets
Bug#: 7480 Product:  Samba 3.4 Version: 3.4.4 Platform: x86
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: pootek@tlen.pl QA Contact: samba-qa@samba.org
Component: File services Target Milestone: ---
URL: 
Summary: Error in cli_Net* - wrong string params fetching from packets
Keywords:  
Opened: 2010-05-29 18:40 CST
Description:   Opened: 2010-05-29 18:40 CST
When using cli_NetSessionEnum to get sessions from win server 2003R2, wrong
data is returned, even though wireshark shows everything's fine.

In libsmb/clirap2.c function rap_getstringp should rather return always 4
(dword size) instead of string length. That's because (on my win server)
cli_Net* functions use this as an offset in packet: "p += res", so p shouldn't
be incremented with string-param length. Begining of packet (that p points to)
is filled with strings offsets, and string values are further, so we're only
reading string offsets, so we should move only 4 bytes, not e.g.
13=string_length.

------- Comment #1 From Tomasz Kowalski 2010-05-29 18:45:32 CST -------
The problem still persists in version 3.5.3.

------- Comment #2 From Derrell Lipman 2010-05-29 19:34:20 CST -------
change component

------- Comment #3 From Volker Lendecke 2010-05-30 03:00:11 CST -------
Guenther, you've been deep in RAP encoding lately. Maybe you can take a look?

Thanks,

Volker

------- Comment #4 From Tomasz Kowalski 2010-05-30 09:01:06 CST -------
Created an attachment (id=5748) [details]
This change makes things work on my config (at least cli_NetSessionEnum works
OK)

Bug 7506 - Cannot print from Windows Server 2008 (x64) Terminal Server to samba-hosted printer
Bug#: 7506 Product:  Samba 3.5 Version: 3.5.3 Platform: x64
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: dev.null9675234@gmail.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Cannot print from Windows Server 2008 (x64) Terminal Server to samba-hosted printer
Keywords:  
Opened: 2010-06-09 18:03 CST
Description:   Opened: 2010-06-09 18:03 CST
I hope that this is a bug and not something which I've misconfigured, but: 1)
noone on the Samba list seems to recognise it, and 2) it works from XP but not
Server 2008, which seems highly suspicious.

I have a redhat EL5 samba server hosting a collection of printers and
joined to a domain.  I can connect to this server and print happily from
a 32-bit XP box on the domain, but a 64-bit windows server 2008 box
cannot connect, and returns the error: "Windows cannot connect to the printer:
Operation could not be completed (error 0x000006d1)."

I get the same results with samba 3.0.33 (came with redhat), 3.5.3 (the
latest from sernet), and 3.3.12 (this message from the samba-technical
archives -
http://lists.samba.org/archive/samba-technical/2010-February/069145.html
- mentions that at least as of February there were issues with 3.4.x+
and 64-bit client OS'.)

From the 2008 machine, I can browse the samba server in wexplorer and
see the printers, but trying to set up a networked printer generates the
error above.  /var/log/samba/log.smb from the time around the failed connection
(using 3.3.12 - the last version I tried) contains:

[2010/06/08 11:35:36,  3] smbd/ipc.c:handle_trans(442)
  trans <\PIPE\> data=44 params=0 setup=2
[2010/06/08 11:35:36,  3] smbd/ipc.c:named_pipe(393)
  named pipe command on <> name
[2010/06/08 11:35:36,  4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1231)
  search for pipe pnum=71df
[2010/06/08 11:35:36,  3] smbd/ipc.c:api_fd_reply(351)
  Got API command 0x26 on pipe "spoolss" (pnum 71df)
[2010/06/08 11:35:36,  3] rpc_server/srv_pipe_hnd.c:free_pipe_context(500)
  free_pipe_context: destroying talloc pool of size 0
[2010/06/08 11:35:36,  4] rpc_server/srv_pipe.c:api_rpcTNP(2352)
  api_rpcTNP: spoolss op 0x1d - api_rpcTNP: rpc command:
SPOOLSS_CLOSEPRINTER
[2010/06/08 11:35:36,  4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(179)
  Policy not found: [000] 00 00 00 00 18 00 00 00  00 00 00 00 0E 4C 78
8D  ........ .....Lx.
  [010] 28 24 00 00                                       ($..
[2010/06/08 11:35:36,  2]
rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273)
  find_printer_index_by_hnd: Printer handle not found: Policy not found:
[000] 00 00 00 00 18 00 00 00  00 00 00 00 0E 4C 78 8D  ........ \
.....Lx.
  [010] 28 24 00 00                                       ($..
[2010/06/08 11:35:36,  2]
rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(273)
  find_printer_index_by_hnd: Printer handle not found:
close_printer_handle: Invalid handle (OURS:9256:9256)
[2010/06/08 11:35:36,  4] rpc_server/srv_pipe.c:api_rpcTNP(2387)
  api_rpcTNP: bad handle fault return.

(I'll add the full log in as an attachment.)

I set up wireshark to do a packet trace of the connection attempt.  I'm
not familiar enough with what the traffic should look like to know whats
unusual, but the one thing that jumped out at me towards the end of the
conversation was a SPOOLSS OpenPrinterEx request on the network printer,
followed by a response with the return code of 5 - Access denied.
"Aha!" I say to myself, must be a permissions problem... but a packet
trace of the successful connection from the XP box shows several similar
Access denied messages.  Maybe that means its irrelevant, but it seemed worth
mentioning - I'll attach a packet trace as well.

------- Comment #1 From Dev Null 2010-06-09 18:06:12 CST -------
Created an attachment (id=5785) [details]
log.smbd

log.smbd from the time around a failed connection attempt

------- Comment #2 From Dev Null 2010-06-09 18:07:45 CST -------
Created an attachment (id=5786) [details]
wireshark packet trace

Wireshark pcap file for the time around a failed connection.

------- Comment #3 From Dev Null 2010-06-09 18:10:13 CST -------
Created an attachment (id=5787) [details]
output from testparm

output from testparm - my smb.conf without all the annoying comments

------- Comment #4 From Dev Null 2010-06-11 11:47:54 CST -------
Now this is interesting...

The Server 2008 machine I was using to test this was running Windows server
2008 _Terminal Server_.  (Sorry, should have noticed and mentioned that
earlier.)  Tested it today running s Server 2008 x64 _without_ Terminal Server,
and it prints fine.  So it sounds like its actually the Terminal Server aspect
thats causing the problem.  Since I hadn't noticed this before, I'll do some
more digging to see if this is a known problem that I had simply misidentified,
and post the results here.

------- Comment #5 From Dev Null 2010-06-11 19:01:15 CST -------
Ok, apparently Microsoft completely changed the way printing is done from
Terminal Server between 2003 and 2008 - see
http://technet.microsoft.com/en-us/library/cc753853%28WS.10%29.aspx for
details.  We have found a workaround:

1) On the Windows Server 2008 TS host, bring up the Server Manager.
2) Under Features, install Group Policy Management if it isn't installed
already.
3) Under Group Policy Management, drill down til you find the policy which is
applying to your machine.
4) Right click the Group Policy Object and select "edit".
5) In the resulting editor window, drill down to Computer
Configuration:Policies:Administrative Templates:Printers
6) Find the setting "Always render print jobs on the server" and disable it.
7) reboot the machine.

So its definitely Windows' fault (surprise surprise).  Whether this therefore
counts as a bug in samba or not I will leave up to you folks to decide; I am
satisfied with my workaround, so you can close this out if you like as far as
I'm concerned.

Bug 7532 - The security view of properties of a shared file or directory always has the user 'everyone',can not delete.
Bug#: 7532 Product:  Samba 3.5 Version: unspecified Platform: All
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: menhoy@163.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: The security view of properties of a shared file or directory always has the user 'everyone',can not delete.
Keywords:  
Opened: 2010-06-24 01:04 CST
Description:   Opened: 2010-06-24 01:04 CST
OS: Windows XP,Windows 2003 server,Windows 2008 server as client.

samba share to the clients with administor ACL.

administor client can not delete the user "everyone" and user group "domain
users",or "users",event if they all have NULL ACL.

------- Comment #1 From wenhai 2010-06-24 01:13:55 CST -------
Created an attachment (id=5805) [details]
We have fixed the bug and test samba in AD domain.This fix based on samba
3.5.3,wish to be merged as soon as possible.

We have fixed the bug and test samba in AD domain.
this fix based on samba 3.5.3,wish to be merged as soon as possible.

------- Comment #2 From Volker Lendecke 2010-06-24 02:19:11 CST -------
One question:

What language and charset are your comments written in?

Thanks,

Volker

------- Comment #3 From wenhai 2010-06-24 11:18:19 CST -------
(In reply to comment #2)
> One question:
> What language and charset are your comments written in?
> Thanks,
> Volker

We come from China,comments written in simplified Chinese.

------- Comment #4 From Volker Lendecke 2010-06-24 12:49:28 CST -------
Can you re-submit with english comments, and as a diff?

Thanks,

Volker

------- Comment #5 From Jeremy Allison 2010-06-24 13:01:24 CST -------
I'm trying to understand exactly what you want and expect here. If you're
mapping to underlying POSIX permissions, then not being able to delete group
and everyone is by design. If you're using an underlying ACL store to store
Windows ACLs, and you can't delete group and everyone, then that is a bug.

What is the underlying issue you're trying to correct ? Also seeing the change
as a unified diff would really help.

Thanks,

Jeremy.

------- Comment #6 From wenhai 2010-06-25 13:39:06 CST -------
(In reply to comment #4)
> Can you re-submit with english comments, and as a diff?
> Thanks,
> Volker

My English is just so so.may not express myself exactly.
I'll have a try as you request.

------- Comment #7 From wenhai 2010-06-25 13:46:43 CST -------
(In reply to comment #5)
> I'm trying to understand exactly what you want and expect here. If you're
> mapping to underlying POSIX permissions, then not being able to delete group
> and everyone is by design. If you're using an underlying ACL store to store
> Windows ACLs, and you can't delete group and everyone, then that is a bug.
> What is the underlying issue you're trying to correct ? Also seeing the change
> as a unified diff would really help.
> Thanks,
> Jeremy.


We don't change the underlying,but just change the view of the client.

While the client want to see the security properties of a shared file or
directory.If the 'everyone' user have no access right,they should not be seen
at all.

So we make a filter function,those who have no access right ACE in the response
DACL to client are filter out.

------- Comment #8 From Jeremy Allison 2010-06-25 13:53:49 CST -------
Ah, so this is simply an user visible modification. The correct way to do this
is not to change the core Samba code, but to write a VFS module that hooks the
two functions :

fget_nt_acl
get_nt_acl

to make the change you require. That way it's an optional feature you can load
on any share you think requires it.

Jeremy.

------- Comment #9 From wenhai 2010-06-25 14:02:05 CST -------
(In reply to comment #8)
> Ah, so this is simply an user visible modification. The correct way to do this
> is not to change the core Samba code, but to write a VFS module that hooks the
> two functions :
> fget_nt_acl
> get_nt_acl
> to make the change you require. That way it's an optional feature you can load
> on any share you think requires it.
> Jeremy.

Thanks for your quick reply.
It's a good idea.
I am not familiar with VFS of samba yet.

------- Comment #10 From wenhai 2010-06-25 14:10:14 CST -------
It's 3 AM in my home,I have to go to sleep.
Thank you all!

------- Comment #11 From wenhai 2010-06-25 15:29:05 CST -------
(In reply to comment #8)
> Ah, so this is simply an user visible modification. The correct way to do this
> is not to change the core Samba code, but to write a VFS module that hooks the
> two functions :
> 
> fget_nt_acl
> get_nt_acl
> 
> to make the change you require. That way it's an optional feature you can load
> on any share you think requires it.
> 
> Jeremy.
> 

Both these two functions: fget_nt_acl / get_nt_acl
call get_nt_acl_internal
Is it better to change get_nt_acl_internal and make a filter in it?

------- Comment #12 From Jeremy Allison 2010-06-25 15:32:00 CST -------
No. What I'm saying is you need to write a filter VFS module, that hooks those
two functions, calls the underlying VFS call (using the _NEXT method) and then
filters the ACL returned based on your criteria. You will be writing new code,
not changing any existing Samba code.

Jeremy.

Bug 7550 - [Printers] share should not include remote CUPS printers
Bug#: 7550 Product:  Samba 3.4 Version: 3.4.7 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: aheinlein@gmx.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: [Printers] share should not include remote CUPS printers
Keywords:  
Opened: 2010-07-05 08:33 CST
Description:   Opened: 2010-07-05 08:33 CST
We have a network with a central print server, which shares printers with
connected Ubuntu clients automatically via CUPS browsing. That means every
Ubuntu client gets the full printer list automatically. Windows clients use
Samba to print over this machine. Works pretty well.

Now, there are some machines with local printers. These need to be shared, too,
for Windows and Ubuntu clients. However, when creating a smb.conf with a
printers share, this share contains not only the local printer, but also all
other printers found via CUPS browsing. I need to create a special printer
share instead, explicitly using "printer name" to specify the local printer.
This is, IMHO, not expected behaviour, and should be changed.

Bug 7604 - Print queue Not updating
Bug#: 7604 Product:  Samba 3.5 Version: 3.5.4 Platform: x64
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: ssureshot@gmail.com QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Print queue Not updating
Keywords:  
Opened: 2010-08-05 10:05 CST
Description:   Opened: 2010-08-05 10:05 CST
I'm using Samba v3.5.4 with cups printing. The samba print queue is not
clearing out after print jobs have spooled and printed. The jobs do print but
the jobs just stay queued once finished. I have to manually go into
/var/lib/samba/printing and delete the (printername).tdb then restart samba.. 

Since printing is mostly working I do not have any error logs with any relevant
info.

I cannot put this server live until I can get this resolved. 

I've seen mention of this for past samba versions but not for current versions.

------- Comment #1 From Björn Jacke 2010-09-21 22:14:20 CST -------
I guess you can see segfaults in the log files? I guess this fixed with
http://git.samba.org/samba.git/?p=samba.git;a=commit;h=e4ba8fb3b9a6eebe7a56179f67d1aeff64cf1abc
Can you confirm this?

------- Comment #2 From Björn Jacke 2010-09-23 16:03:47 CST -------
as it works for me with the mentioned fix which is already in v3-5-test I
change severity from blocker to normal. Aaron, let us know if we can close it,
otherwise please give more detailed information like printer tdb files,
smbd.conf etc.

------- Comment #3 From Alejandro Escanero Blanco 2010-11-16 12:34:51 CST -------
I find the same problem with Samba 3.5.6.
The queue never update.
lpq -PPRINTER give us no jobs
On rpcclient (and windows clients) enumjobs PRINTER give us all the jobs
printed.
No cores at all, no problem with permissions.

Log level 6 has this interesting information:
[2010/11/16 18:19:02.054279,  9, effective(0, 0), real(0, 0)]
printing/nt_printing.c:4011(get_a_printer_2)
  Unpacked printer [PRINTER] name [\\SERVER\PRINTER] running driver [HP Color
LaserJet 2605dn_2605dtn PCL 6]
[2010/11/16 18:19:02.054335,  4, effective(0, 0), real(0, 0)]
printing/printing.c:1066(print_cache_expired)
  print_cache_expired: cache expired for queue PRINTER (last_qscan_time = -1,
time now = 1289927942, qcachetime = 10)
[2010/11/16 18:19:02.054392,  4, effective(0, 0), real(0, 0)]
printing/printing.c:1082(print_cache_expired)
  print_cache_expired: message already pending for PRINTER.  Accepting cache

Ever the same message, the server never check cups and ever check the
PRINTER.tdb.

Thanks

Bug 7615 - Windows Server R2 could not join domain
Bug#: 7615 Product:  Samba 3.4 Version: 3.4.3 Platform: x64
OS/Version: Windows 2008 R2 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: me@alank.net QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Windows Server R2 could not join domain
Keywords:  
Opened: 2010-08-12 07:27 CST
Description:   Opened: 2010-08-12 07:27 CST
Configuration:  Lotus Foundations Start Server 1.2.1 (Samba 3.4.3) acting as
domain controller.  Windows Server 2008 acting as SQL Server only.

Problem:  Upgraded to Windows Server 2008 R2 and Windows Server would not join
domain controlled by Lotus Foundations Start Server.

Work around:  Backed off to Windows Server 2008.

Bummer factor:  I'm sitting on $1,000 worth of Windows Server 2008 R2

Reason for submitting:  To see if I did something wrong, and if not, let others
know of issue.

Thanks

Bug 7628 - passdb backend = ldapsam:"something" yields ldap_initialize: Bad parameter to an ldap routine
Bug#: 7628 Product:  Samba 3.5 Version: 3.5.4 Platform: Other
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: matare@lih.rwth-aachen.de QA Contact: samba-qa@samba.org
Component: Config Files Target Milestone: ---
URL: 
Summary: passdb backend = ldapsam:"something" yields ldap_initialize: Bad parameter to an ldap routine
Keywords:  
Opened: 2010-08-18 09:16 CST
Description:   Opened: 2010-08-18 09:16 CST
The man page suggests putting ldap server URIs in double quotes. However when I
specify:

passdb backend = ldapsam:"ldap://server"

I get:

# net sam provision
Checking for Domain Users group.
Adding the Domain Users group.
[2010/08/18 15:52:53.471848,  0] lib/smbldap.c:757(smb_ldap_setup_conn)
  ldap_initialize: Bad parameter to an ldap routine
[2010/08/18 15:52:54.472040,  0] lib/smbldap.c:757(smb_ldap_setup_conn)
  ldap_initialize: Bad parameter to an ldap routine
...

But when I specify:

passdb backend = ldapsam:ldap://server

Everything works fine. That's pretty counterintuitive...

------- Comment #1 From Karolin Seeger 2010-08-24 09:45:53 CST -------
Günther, is this by design?

Bug 7632 - Samba OpenLDAP schema does not allow substring search for many attributes
Bug#: 7632 Product:  Samba 3.5 Version: 3.5.4 Platform: All
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: mail@rolandgruber.de QA Contact: samba-qa@samba.org
Component: Config Files Target Milestone: ---
URL: 
Summary: Samba OpenLDAP schema does not allow substring search for many attributes
Keywords:  
Opened: 2010-08-19 12:56 CST
Description:   Opened: 2010-08-19 12:56 CST
Hi,

I suggest to allow substring searches for additional attributes (e.g. the
domain name, logon script, ...). This allows users to run LDAP searches when
they only know a part of the attribute value.

The attachment provides a patch for the samba.schema file.

------- Comment #1 From Roland Gruber 2010-08-19 12:57:31 CST -------
Created an attachment (id=5911) [details]
OpenLDAP schema patch

------- Comment #2 From Karolin Seeger 2010-10-06 14:07:09 CST -------
Reassigning to Günther for review.

Bug 7641 - cupsaddsmb loops endlessly and throws WERR_INVALID_PARAM
Bug#: 7641 Product:  Samba 3.5 Version: 3.5.4 Platform: x86
OS/Version: Linux Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: domen@dev.si QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: cupsaddsmb loops endlessly and throws WERR_INVALID_PARAM
Keywords:  
Opened: 2010-08-23 04:52 CST
Description:   Opened: 2010-08-23 04:52 CST
cupsaddsmb -H localhost -h localhost -U samba -v HP4L

Seems like driver won't install for Windows 4.0, see the attached logs.

------- Comment #1 From Domen Kožar 2010-08-23 04:57:02 CST -------
Created an attachment (id=5915) [details]
output.txt

command output

------- Comment #2 From Guenther Deschner 2010-08-24 03:11:25 CST -------
Have you checked you use correct credentials ?

Please see if 
smbclient //localhost/print$ -U samba

succeeds first.

------- Comment #3 From Domen Kožar 2010-08-24 03:21:05 CST -------
Yes, I get into the smb console issuing that command.

------- Comment #4 From Guenther Deschner 2010-08-25 06:27:45 CST -------
Hm, weird. I tried myself and could not reproduce. Can you please give more
information ? What exact package version, what kind of domain setup, smb.conf,
etc.

------- Comment #5 From Domen Kožar 2010-08-25 06:47:24 CST -------
3.5.4 from Gentoo main tree. installed flags:

acl client cups ldap netapi pam readline server smbclient syslog

Attaching smb.conf, anything else relevant? cups version: 1.3.11

------- Comment #6 From Domen Kožar 2010-08-25 07:20:36 CST -------
Created an attachment (id=5924) [details]
smb.conf

smb.conf

------- Comment #7 From Guenther Deschner 2010-08-25 15:39:44 CST -------
Ok, I can reproduce a failure with your config, though probably not the one you
are seeing (NT_STATUS_LOGON_FAILURE - which is a clear pointer to a user
password mismatch or a non existing unix/smbuser).

The failure I see in my reproducer is a a misconfiguration.

You force everything to happen under samba, and grant root privileges only in
the print$ share, that way the openprinterex with strong access rights fails.

If I add for example "printer admin = root, samba" to the global section, it
works.

------- Comment #8 From Domen Kožar 2010-08-25 19:11:20 CST -------
Here is what I did:

* added "printer admin = root, samba" to smb.conf
* restarted samba
* ran command as samba and as root, same error

It seems like driver successfully install for different windows versions, but
not for "Windows 4.0", that's why I would guess it's not a permission problem.

------- Comment #9 From Guenther Deschner 2010-08-27 04:03:30 CST -------
(In reply to comment #8)
> Here is what I did:
> 
> * added "printer admin = root, samba" to smb.conf
> * restarted samba
> * ran command as samba and as root, same error
> 
> It seems like driver successfully install for different windows versions, but
> not for "Windows 4.0", that's why I would guess it's not a permission problem.

Here cupsaddsmb tries to find the i386 drivers in /usr/share/cups/drivers. Do
you have all the drivers you need in that directory ?

------- Comment #10 From Domen Kožar 2010-08-27 04:12:54 CST -------
lipus drivers # pwd
/usr/share/cups/drivers
lipus drivers # ls -a
ADFONTS.MFM   ADOBEPS4.HLP  cups6.ini    cupsui6.dll  ps5ui.dll     pscript.hlp
 PSMON.DLL
ADOBEPS4.DRV  cups6.inf     cupsps6.dll  ICONLIB.DLL  pscript5.dll  pscript.ntf

------- Comment #11 From Guenther Deschner 2010-08-27 04:46:11 CST -------
Hm, I don't use the Adobe drivers but the MS drivers for postscript but that
shouldnt make a difference here, I guess.

Only high debugging levels might help from here:

please add "log level = 10" and "max log size = 0" temporarily to your smb.conf
and upload the client and server logging output.

Thanks

------- Comment #12 From Domen Kožar 2010-08-27 05:16:39 CST -------
Created an attachment (id=5932) [details]
cupsaddsmb.out

cupsaddsmb.out

------- Comment #13 From Domen Kožar 2010-08-27 05:17:15 CST -------
Created an attachment (id=5933) [details]
/var/log/samba/log.smbd

smbd.log

------- Comment #14 From Domen Kožar 2010-08-27 05:17:55 CST -------
Created an attachment (id=5934) [details]
/var/log/samba/log.127.0.0.1

log.127.0.0.1

------- Comment #15 From Guenther Deschner 2010-08-27 05:31:00 CST -------
ok, I see. config file is NULL in the addprinterdriver operation, this is
something we don't permit on the server-side. I need to check what the correct
solution for this is.

------- Comment #16 From Domen Kožar 2010-08-31 10:35:58 CST -------
Is there anything I can do on my side?

------- Comment #17 From Guenther Deschner 2010-09-01 05:17:01 CST -------
No, I see the problem, expect to have a fix soon.

------- Comment #18 From Domen Kožar 2010-10-01 18:06:51 CST -------
Ping, don't want to be rude, just looking for status :)

------- Comment #19 From Guenther Deschner 2010-11-30 04:29:47 CST -------
Created an attachment (id=6094) [details]
patch for addprinterdriver server call

Can you please verify this patch ?

------- Comment #20 From Domen Kožar 2010-11-30 17:10:20 CST -------
Hey, thanks for the patch. Unfortunately it's not working, still looping
endlessly. Do you want another verbose output? Here is a snippet:


Running command: rpcclient localhost -N -A /tmp/4cf583df6acac -c 'setdriver
HP4L HP4L'
Connecting to host=localhost
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=58)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x608a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
result was WERR_INVALID_PARAM

------- Comment #21 From Guenther Deschner 2010-11-30 17:35:38 CST -------
Hm, are you sure you have restarted smbd after you patched the sourcecode ? If
not, then please upload the samba logfiles and maybe also a network trace.

------- Comment #22 From Guenther Deschner 2010-11-30 18:32:33 CST -------
Are you applying this patch on top of the v3-5-test tree ? Just tested that and
it worked just fine now.

------- Comment #23 From Domen Kožar 2010-12-01 05:36:18 CST -------
I am applying against  3.5.6, I will paste the logs soon!

------- Comment #24 From Domen Kožar 2010-12-01 15:59:44 CST -------
Created an attachment (id=6097) [details]
/var/log/samba/log.smbd

smbd log file

------- Comment #25 From Domen Kožar 2010-12-05 15:52:36 CST -------
Any additional info needed? Here is what I did:

* recompiled samba 3.5.6 with the patch
* restarted samba services
* ran cupsaddsmb

Still same result

------- Comment #26 From Guenther Deschner 2010-12-06 10:27:27 CST -------
Hm, that new logfile does not show a single attempt to anything printing
related, maybe we need to have the log.127.0.0.1 logfile. Can you please upload
that instead ?

------- Comment #27 From Guenther Deschner 2011-01-04 04:09:43 CST -------
any news ?

------- Comment #28 From Domen Kožar 2011-01-05 15:42:53 CST -------
Created an attachment (id=6181) [details]
/var/log/samba/log.127.0.0.1

Client log

------- Comment #29 From Guenther Deschner 2011-01-14 10:42:31 CST -------
(In reply to comment #28)
> Created an attachment (id=6181) [details] [details]
> /var/log/samba/log.127.0.0.1
> 
> Client log
> 

Thanks, but again: absolutely nothing printing related in that logfile. Can you
give the exact command line you where using ? and also the output of "find
/usr/share/cups/drivers" would be helpful.

------- Comment #30 From Guenther Deschner 2011-01-14 10:43:50 CST -------
Karolin, can you please add the patch to 3.5 ? It is definitely correct what
the patch does.

------- Comment #31 From Guenther Deschner 2011-01-14 10:44:58 CST -------
spoke too soon, we need the review first...

------- Comment #32 From Andreas Schneider 2011-01-14 10:51:27 CST -------
(From update of attachment 6094 [details])
Looks fine for me!

------- Comment #33 From Guenther Deschner 2011-01-14 11:21:19 CST -------
ok, this time :)

------- Comment #34 From Domen Kožar 2011-01-14 12:55:18 CST -------
/usr/share/cups/drivers/
/usr/share/cups/drivers/cupsui6.dll
/usr/share/cups/drivers/ADOBEPS4.DRV
/usr/share/cups/drivers/ADOBEPS4.HLP
/usr/share/cups/drivers/ps5ui.dll
/usr/share/cups/drivers/cups6.inf
/usr/share/cups/drivers/cups6.ini
/usr/share/cups/drivers/pscript.hlp
/usr/share/cups/drivers/pscript.ntf
/usr/share/cups/drivers/PSMON.DLL
/usr/share/cups/drivers/cupsps6.dll
/usr/share/cups/drivers/pscript5.dll
/usr/share/cups/drivers/ICONLIB.DLL
/usr/share/cups/drivers/cupsaddsmb.out
/usr/share/cups/drivers/ADFONTS.MFM


Using $ cupsaddsmb -h localhost -H localhost -a -U samba -v

------- Comment #35 From Karolin Seeger 2011-01-15 09:57:57 CST -------
(In reply to comment #30)
> Karolin, can you please add the patch to 3.5 ? It is definitely correct what
> the patch does.
> 

Pushed to v3-5-test.
Can we close this bug report now or is it still an issue?

------- Comment #36 From Domen Kožar 2011-01-15 11:32:06 CST -------
Bug is still present for me. Attaching cupsaddsmb verbose output.

------- Comment #37 From Domen Kožar 2011-01-15 11:37:32 CST -------
Created an attachment (id=6206) [details]
out.log

cupsaddsmb verbose output

Bug 7677 - No access to server possible
Bug#: 7677 Product:  Samba 3.6 Version: 3.6.0pre1 Platform: x64
OS/Version: Windows XP Status: NEW Severity: blocker Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: muehlfeld@medizinische-genetik.de QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: No access to server possible
Keywords:  
Opened: 2010-09-13 09:31 CST
Description:   Opened: 2010-09-13 09:31 CST
When I start 3.6.0pre1, the message
   reload_printers: Could not create system server_info
appears in smbd.log. The daemons are running, but it's not possible to access
the server (file- and print services). So this is a blocker for further
testing/usage.

I attached a level 10 debug log with the error.

------- Comment #1 From Marc Muehlfeld 2010-09-13 09:32:53 CST -------
Created an attachment (id=5957) [details]
smbd.log

Bug 7678 - Reject auth request from machine account & Windows 7
Bug#: 7678 Product:  Samba 3.5 Version: 3.5.4 Platform: x64
OS/Version: Windows 7 Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: linuxbox@wavenet.at QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: Reject auth request from machine account & Windows 7
Keywords:  
Opened: 2010-09-13 11:28 CST
Description:   Opened: 2010-09-13 11:28 CST
Hi!

As the help of the samba mailing list does not lead to anything, and everything
I tried to troubleshoot was not sucessfully - I do file a bug here:

I am using Ubuntu 8.04.4 with samba 3.5.4 and ldap as backend.

If a windows 7 machine (with the registry entries according the samba - windows
7 wiki) joins the domain, the domain controller refuses the machine account
every logon of a domain user:

netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
request from client XXX machine account XXX$

The machine accounts are visible on the linux host (getent passwd) and as
add machine scripts I am using the smbldap-tools.

Windows XP does not show that behaviour.

Maybe I can find some more help here.

regards
Martin

------- Comment #1 From Szombathelyi György 2010-09-24 03:00:37 CST -------
Probably 3447 and this are the same

------- Comment #2 From Martin Hochreiter 2010-09-24 03:53:38 CST -------
(In reply to comment #1)
> Probably 3447 and this are the same
> 

Sounds quit similar, I monitor both further, but I am missing kind of reaction
from the developers here

regards

------- Comment #3 From Martin Hochreiter 2010-10-11 07:59:05 CST -------
Created an attachment (id=6008) [details]
Log level 256 samba.log

I did a log level 256 - login with samba 3.5.5 and windows 7 

Please find the log attached and have a look at it

------- Comment #4 From olaf@navi.pl 2011-02-02 05:21:29 CST -------
Created an attachment (id=6243) [details]
Log 10 level when joining to domain

Log level 10 for adding Windows 7 to domain

------- Comment #5 From olaf@navi.pl 2011-02-02 05:23:00 CST -------
I have the same problem when joining to domain with Win 7.
Windows 2000 and XP join OK.
The attachment added above.

------- Comment #6 From Volker Lendecke 2011-02-02 09:59:46 CST -------
Very likely this is a dup of bug 7743. Can you try the patch in there? 

https://bugzilla.samba.org/attachment.cgi?id=6027&action=view

3.5.7 with this patch will be released very soon, you might consider waiting.

Volker

------- Comment #7 From olaf@navi.pl 2011-02-10 03:45:52 CST -------
I'll wait for 3.5.7. 

Bug 7679 - Printer drivers loose their settings (just for users, not for admin)
Bug#: 7679 Product:  Samba 3.5 Version: 3.5.6 Platform: x64
OS/Version: Windows XP Status: NEW Severity: critical Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: muehlfeld@medizinische-genetik.de QA Contact: samba-qa@samba.org
Component: Printing Target Milestone: ---
URL: 
Summary: Printer drivers loose their settings (just for users, not for admin)
Keywords:  
Opened: 2010-09-13 13:52 CST
Description:   Opened: 2010-09-13 13:52 CST
On 3.3.13 all our Sharp MX-2600n printers are preconfigured on the server (e.
g. number of trays, etc.). All users automatically have this settings.

Then I upgrade to 3.5.4. Some hours/minutes after starting smbd, if users view
the properties of their conneced printers or from the ones available on the
server, most settings are lost (number of trays, output bin,...). Even
reconnecting the printer doesn't fix it.

But: If the domain administrator views the properties on the server or on their
connected printers, everything looks fine like in 3.3.x

I meanwhile have deleted all nt*.tdb and printing/* from the lock directory and
uploaded/reconfigured all printers from scratch with the latest drivers. It's
still the same: Fine for admin, broken for the users.

Switching back to 3.3.x doesn't repair this issue! It stays broken. The only
way is to install 3.3.x and recover the appertaining lock directory.

All drivers are uploaded with the printer wizzard.

Printer driver: Sharp MX-2600n v1007a for Windows XP 32-Bit PostScript

I don't know if 3.5.x also breaks other printer drivers. But we have many of
the MX-2600, so I haven't checked others.

------- Comment #1 From Marc Muehlfeld 2010-09-13 13:54:07 CST -------
Created an attachment (id=5958) [details]
nt*.tdb files from 3.3.13

This are the nt*.tdb files from the log directory when using 3.3.13

------- Comment #2 From Marc Muehlfeld 2010-09-13 13:55:28 CST -------
Created an attachment (id=5959) [details]
nt*.tdb files from 3.5.4

This are the nt*.tdb files from the lock directory when using 3.5.4.

------- Comment #3 From Marc Muehlfeld 2010-09-13 14:00:43 CST -------
Created an attachment (id=5960) [details]
vm-02.zip

Compressed client level 10 debug log, that contains opening the printers
properties on 3.5.4 and clicking to the "Configuration" tab as normal user,
that e. g. shows two paper trays instead of four.

------- Comment #4 From Marc Muehlfeld 2010-09-13 14:01:59 CST -------
Created an attachment (id=5961) [details]
Settings_Screenshot.png

Screenshot as normal user from the correct settings on 3.3.13 and with the lost
settings on 3.5.4.

------- Comment #5 From Marc Muehlfeld 2010-09-14 09:06:56 CST -------
I meanwhile figured out, that this bug doesn't appear for users having the
privilege "SePrintOperatorPrivilege".

If I grant SePrintOperatorPrivilege for a normal user, where the settings are
shown wrong, everything is fine after re-login. If I revoke the privilege and
re-login again, it's broken like before.

But granting SePrintOperatorPrivilege is not a workaround, as it would allow
all users to configure the printers on the server and change settings.

I'll attach a tcpdump of viewing the printer properties as admin/user to
compare.

------- Comment #6 From Marc Muehlfeld 2010-09-14 09:07:31 CST -------
Created an attachment (id=5963) [details]
tcpdump_as_admin

------- Comment #7 From Marc Muehlfeld 2010-09-14 09:07:49 CST -------
Created an attachment (id=5964) [details]
tcpdump_as_user

------- Comment #8 From Marc Muehlfeld 2010-10-21 09:04:01 CST -------
Problem still exists in 3.5.6

------- Comment #9 From Vladislav Krahulec 2010-12-02 07:15:56 CST -------
Created an attachment (id=6098) [details]
Samba 3.5.3

Samba 3.5.3 works good - Factory default and A4 format with right sizing

------- Comment #10 From Vladislav Krahulec 2010-12-02 07:16:58 CST -------
Created an attachment (id=6099) [details]
Samba 3.5.4

Samba 3.5.4 with bad sizing of A4 paper

------- Comment #11 From Vladislav Krahulec 2010-12-02 07:22:34 CST -------
I have the VERY same problem. After upgrade openSuSE 11.1 to openSuSE 11.3
(therefore Samba from 3.2.7 to Samba 3.5.4) my printers have lost preconfigured
settings. Before upgrade I was able to choose "Factory defaults" with good
sizing of A4 paper. After upgrade using that causing that A4 format is wrong. I
will try to attach some pictures.

I have tried to compile samba versions from 3.4.3 to 3.5.6 (because RPM from
openSuSE repository for "openSuSE 11.3" was first which was "good"). In Samba
3.5.4 "our" problem has started (I have tested it with printer PCL5e driver for
HP LaserJet 1200).

I have tried version 3.6.0 too, but there I cannot add printer driver due to
much of "segmentation faults"

I move servicing of my printers for Windows to another server, where I can
leave old distribution openSuSE 11.1 with good working Samba 3.2.7

------- Comment #12 From Marc Muehlfeld 2010-12-02 07:24:07 CST -------
> Samba 3.5.3 works good - Factory default and A4 format with right sizing

I can't confirm this for our Sharp MX 2600 devices. I tried all 3.5 versions
since 3.5.0 and having the problem with all of them.

Also 3.4 is having the problem. I tried 3.4.0 and some minor version from that
tree. Also broken.

3.3.x is fine with all version. So the problem (at least with our drivers) came
in 3.4.0.

------- Comment #13 From Vladislav Krahulec 2010-12-02 07:44:42 CST -------
(In reply to comment #12)
> > Samba 3.5.3 works good - Factory default and A4 format with right sizing
> 
> I can't confirm this for our Sharp MX 2600 devices. I tried all 3.5 versions
> since 3.5.0 and having the problem with all of them.
> 
> Also 3.4 is having the problem. I tried 3.4.0 and some minor version from that
> tree. Also broken.
> 
> 3.3.x is fine with all version. So the problem (at least with our drivers) came
> in 3.4.0.
> 

I tried only "HP LaserJet 1200 PCL5e" driver. I use it for several "HP LaserJet
2055d" printers with JetDirect because "original" driver needs .NET and I am
not able to upload it on Samba server. It worked fine in past. Other printers
(Minolta MC 2300 DL, Minolta bizHub C220, Minolta bizHub C252 and Xerox
WorkCentre Pro 245) has problem with Samba 3.5.4 too but due to time
consumption of testing I chose only one driver which serves most of our
printers.

Bug 7714 - IPV6 doamin join is not happening in only ipv6 enabled domain controller
Bug#: 7714 Product:  Samba 3.3 Version: 3.3.14 Platform: Other
OS/Version: Windows XP Status: NEW Severity: normal Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: rangan.sundararajan@wipro.com QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: IPV6 doamin join is not happening in only ipv6 enabled domain controller
Keywords:  
Opened: 2010-10-06 05:26 CST
Description:   Opened: 2010-10-06 05:26 CST
i am trying to connect my samba enabled pc to 2008 server (only ipv6
enabled),but couldn;t not able to join.

i am getting the error unable to find the server.

------- Comment #1 From rangan 2010-10-06 05:29:46 CST -------
Created an attachment (id=5998) [details]
Logs of winbindd during the join with pure ipv6 .. 

Bug 7722 - SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password
Bug#: 7722 Product:  Samba 3.5 Version: 3.5.5 Platform: Other
OS/Version: Linux Status: NEW Severity: major Priority: P3
Resolution:  Assigned To: gd@samba.org Reported By: luca_santoro@libero.it QA Contact: samba-qa@samba.org
Component: Domain Control Target Milestone: ---
URL: 
Summary: SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password
Keywords:  
Opened: 2010-10-11 04:36 CST