Samba Connect problems
Rossi, Marc
MarcR at crt.com
Fri Dec 19 23:22:02 GMT 1997
Thanks in advance for reading this slightly long post. I checked the
comp.protocols.smb archives along with the web site for info and was
unsuccessful. All help and information is greatly appreciated.
We are using Samba (1.9.17p3) for access to our Clearcase VOBS which are
stored on a UNIX box (I'm aware this is supposedly not supported, but it
has been working great up until these problems cropped up). Since our
upgrade to NT 4.0, we have seen problems where clients are unable to
access their Samba shares after a period of inactivity. All clients are
accessing the shares using UNC only. If they access a share and perform
some action (usually a checkout/checkin), the smbd prints out the
message saying the client has connected and all is fine. After this
connection times out and the smbd prints out the message saying the
client disconnected, the client no longer is able to access the share,
with all attempts resulting in a message saying that the password is
invalid (The server prints out the message "Invalid guest account,
portbyron???", where the name "portbyron" is actually the hostname of
the client). I am aware that this may not be a Samba problem, but could
lie in the MVFS (Clearcase) file system driver, or even in NT itself (we
are running 4.0 SP3). What I am looking for is either a fix for Samba
(if it is indeed a Samba problem), or a workaround (possibly changing
our config file to allow access to the shares differently -- see below).
We have our shares setup to allow access by all users as themselves
without having to enter a password. The following is our configuration
section for the share in question:
[usr2]
comment = Clearcase
guest ok = yes
guest account = %U <- Force guest account to that of
the user requesting access
guest only = yes <- Force all clients to use guest
account
browseable = yes
path = /usr2
read only = no
public = yes
As you can see we are forcing all users to access the share as the guest
account (to avoid asking for a password), and using the %U template to
let the access as their own account. Is there a better way to do this,
this was the first thing I could come up with and if there is a better
way (possibly avoiding all of the guest account stuff), maybe it would
avoid this problem all together.
We put a sniffer on the wire and found that on successful connects to
the smbd, there is a frame which includes both a Setup account, and
Connect request as below:
SUMMARY Delta T Destination Source Summary
10 0.00324 pancake [192.9.200.101] SMB C Setup
account PAYSON
SMB C
Connect ?????\\140.102.132.10\IPC$
SMB: ----- SMB Session Setup & more Command -----
SMB:
SMB: Function = 73 (Session Setup & more)
SMB: Tree id (TID) = 0000
SMB: Process id (PID) = CAFE
SMB: Flags2 = 0003
SMB: 0... .... .... .... = Application does not understand
Unicode strings
SMB: .0.. .... .... .... = Application does not understand NT
status codes
SMB: ..0. .... .... .... = Application does not do paging I/O
SMB: .... .... .... ..1. = Application understands extended
attributes
SMB: .... .... .... ...1 = Application understands OS/2 1.2
file names
SMB: Word count = 13
SMB: Flags = 1X
SMB: ...1 .... = Pathnames are already in canonicalized format
SMB: Maximum size of consumer buffer = 61440 bytes
SMB: Maximum number of multiplexed pending requests = 2
SMB: Type = 0: First (only) virtual circuit
SMB: Session key = 000042BC
SMB: Capabilities (low order word) = 00D4
SMB: .... .... 1... .... = Level II oplocks supported
SMB: .... .... .1.. .... = NT status codes recognized
SMB: .... .... ...1 .... = NT SMBs supported
SMB: .... .... .... 0... = Large files not supported
SMB: .... .... .... .1.. = Unicode strings recognized
SMB: Empty case insensitive password
SMB: Empty case sensitive password
SMB: Account name = "PAYSON"
SMB: Domain name = CHICAGO-DEV
SMB: Native operating system = "Windows NT 1381"
SMB: Native LAN manager = ""
SMB:
SMB: Extra word parameter = 00D4
SMB: Extra word parameter = 0000
Sniffer Network Analyzer data from 16-Dec-97 at 16:38:18, file
C:\FDCAP\PANCAKE3.FDC, Page 8
SMB:
SMB: *** The SMB byte count records 16 extra data bytes
SMB: Extra string parameter = [Invalid data type]
SMB:
SMB: ----- SMB Tree Connect & more Command -----
SMB:
SMB: Function = 75 (Tree Connect & more)
SMB: Word count = 4
SMB: Connect flags = 0000
SMB: .... .... .... ...0 = Do not disconnect TID
SMB: Password = ""
SMB: Server = "\\140.102.132.10\IPC$"
SMB: Service (device) = "?????"
SMB:
SMB: ----- End of SMB chain -----
SMB:
After this frame, the smbd responds with a Setup OK and Connect OK
packet. This is what we see during successful attempts. On failed
attempts to connect, we see a frame go by which only contains a Connect
request, no Setup request (why wouldn't there be a setup request, does
the client still think it has a connection?). This frame, and the
corresponding deny reply from the smbd are shown below:
SUMMARY Delta T Destination Source Summary
283 0.00136 pancake [140.102.54.41] SMB C
Connect ?????\\PANCAKE\USR2
SMB: ----- SMB Tree Connect & more Command -----
SMB:
SMB: Function = 75 (Tree Connect & more)
SMB: Tree id (TID) = 0000
SMB: Process id (PID) = CAFE
SMB: User id (UID) = 09A0
SMB: Multiplex id (MID) = 001C
SMB: Flags2 = 0003
SMB: 0... .... .... .... = Application does not understand
Unicode strings
SMB: .0.. .... .... .... = Application does not understand NT
status codes
Sniffer Network Analyzer data from 16-Dec-97 at 16:17:32, file
C:\FDCAP\PANCAK1.FDC, Page 184
SMB: ..0. .... .... .... = Application does not do paging I/O
SMB: .... .... .... ..1. = Application understands extended
attributes
SMB: .... .... .... ...1 = Application understands OS/2 1.2
file names
SMB: Word count = 4
SMB: Connect flags = 0000
SMB: .... .... .... ...0 = Do not disconnect TID
SMB: Password = ""
SMB: Server = "\\PANCAKE\USR2"
SMB: Service (device) = "?????"
SMB:
SMB: ----- End of SMB chain -----
SMB:
- - - - - - - - - - - - - - - - Frame 284 - - - - - - - - - - -
- - - - - -
SUMMARY Delta T Destination Source Summary
284 0.10810 [140.102.54.41] pancake SMB R Bad
password
SMB: ----- SMB Tree Connect & more Response -----
SMB:
SMB: Function = 75 (Tree Connect & more)
SMB: Tree id (TID) = 0000
SMB: Process id (PID) = CAFE
SMB: User id (UID) = 09A0
SMB: Multiplex id (MID) = 001C
SMB: Flags2 = 0001
SMB: 0... .... .... .... = Application does not understand
Unicode strings
SMB: .0.. .... .... .... = Application does not understand NT
status codes
SMB: ..0. .... .... .... = Application does not do paging I/O
SMB: .... .... .... ..0. = Application does not understand
extended attributes
SMB: .... .... .... ...1 = Application understands OS/2 1.2
file names
SMB: Return code: Class = 2, Error = 2 (Bad password)
SMB: 2 bytes of Remaining SMB Data.
SMB:
SMB: ----- End of SMB chain -----
SMB:
Thanks for your help.
-----
Marc Rossi
312.234.2933
NationsBank Information
Services
233 S. Wacker Dr., Suite 2600 Network Systems
Programming
Chicago, IL 60606 Internet:
marcr at crt.com
More information about the samba
mailing list