Internal error being generated in LSA_LOOKUPSIDS

Mon Feb 16 19:47:26 GMT 1998

Hello,

I am getting the following error in my NT Wksta machine log file
(the NT workstation is denying access to any domain user after this
error occurs):

It appears to be coming from the LSA_LOOKUPSIDS RPC call

debug level 3:

api_rpc_command:
LSA_LOOKUPSIDS
=============================================================
==
INTERNAL ERROR: Signal 11 in pid 768 (ntdom-1.9.18alpha14)
Please read
the file BUGS.txt in the
distribution
===============================================================

chdir to /
Closing connections
02/16/1998 11:08:11 1micro1
(143.107.70.218) closed connection to service IPC$
Yielding connection to
12 IPC$
02/16/1998 11:08:11 1micro1 (143.107.70.218) closed connection to
service aluno3
Yielding connection to 58 aluno3
Yielding connection to 58
STATUS.
Yield successful
02/16/1998 11:08:11 1micro1 (143.107.70.218)
closed connection to service winsrv
Yielding connection to 72
winsrv
Yielding connection to 72 STATUS.
Yield successful
fd_attempt_close
on file_fd_struct 0, fd = 6, dev = 808, inode = 245cb, open_flags = 0,
ref_count = 1.
02/16/1998 11:08:11 aluno3 closed file
MSOffice/Access/SOA300.DLL (numopen=0)
Last message was
SMBtrans
size=188
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb
_flg2=3
smb_tid=12
smb_pid=51966
smb_uid=101
smb_mid=11712
smt_wct=16
smb_vw
v[0]=0 (0x0)
smb_vwv[1]=112 (0x70)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=1024
(0x400)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0
(0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0
(0x0)
smb_vwv[10]=76 (0x4C)
smb_vwv[11]=112 (0x70)

Increasing the debug level to 5:

api_rpc_command: api_ntlsa_rpc op 0xf - api_rpc_command:
LSA_LOOKUPSIDS
000018 lsa_io_q_lookup_sids 
        000018 data: 00 00 00
00 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 
        00002c
num_entries : 00000002
        000030 ptr_sid_enum: 00154238
        000034
num_entries2: 00000002
        000038 ptr_sid[0]: 00154e20
        00003c
ptr_sid[1]: 00154e44
            000040 num_auths: 00000006

000044 sid_rev_num: 01
                000045 num_auths  : 06

  000046 id_auth[0] : 00
                000047 id_auth[1] : 00

    000048 id_auth[2] : 00
                000049 id_auth[3] : 00

      00004a id_auth[4] : 00
                00004b id_auth[5] : 05

        00004c sub_auths : 00000015 0000007b 000001c8 00000315 0000007b
000005dc 
            000064 num_auths: 00000006
                000068
sid_rev_num: 01
                000069 num_auths  : 06

00006a id_auth[0] : 00
                00006b id_auth[1] : 00

  00006c id_auth[2] : 00
                00006d id_auth[3] : 00

    00006e id_auth[4] : 00
                00006f id_auth[5] : 05

      000070 sub_auths : 00000015 0000007b 000001c8 00000315 0000007b
000005dc 
        000088 num_entries    : 00000000
        00008c
ptr_trans_names: 00000000
        000090 num_entries2   :
000f0002
===============================================================
INT
ERNAL ERROR: Signal 11 in pid 533 (ntdom-1.9.18alpha14)
Please read the
file BUGS.txt in the
distribution
===============================================================

chdir to /
unbecome_user now uid=(0,0) gid=(0,0)
Closing
connections
02/16/1998 15:32:24 1micro1 (143.107.70.218) closed connection
to service netlogon
Yielding connection to 6 netlogon
Yielding connection
to 6 STATUS.
Yield successful
closing dptr key 0
closing dptr key 1
closing
dptr key 2
closing dptr key 3
02/16/1998 15:32:24 1micro1 (143.107.70.218)
closed connection to service winsrv
Yielding connection to 11
winsrv
Yielding connection to 11 STATUS.
Yield successful
02/16/1998
15:32:24 1micro1 (143.107.70.218) closed connection to service
IPC$
Yielding connection to 12 IPC$
02/16/1998 15:32:24 1micro1
(143.107.70.218) closed connection to service aluno1
Yielding connection to
61 aluno1
Yielding connection to 61 STATUS.
Yield successful
02/16/1998
15:32:24 1micro1 (143.107.70.218) closed connection to service lp
Yielding
connection to 109 lp
Yielding connection to 109 STATUS.
Yield
successful
Last message was
SMBtrans
size=228
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb
_flg2=3
smb_tid=12
smb_pid=51966
smb_uid=100
smb_mid=10752
smt_wct=16
smb_vw
v[0]=0 (0x0)
smb_vwv[1]=152 (0x98)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=1024
(0x400)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0
(0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0
(0x0)
smb_vwv[10]=76 (0x4C)
smb_vwv[11]=152 (0x98)
smb_vwv[12]=76
(0x4C)
smb_vwv[13]=2 (0x2)
smb_vwv[14]=38 (0x26)
smb_vwv[15]=2050
(0x802)
smb_bcc=161
[000] 5C 50 49 50 45 5C 00 5C  00 05 00 00 03 10 00 00
\PIPE\.\ ........
[010] 00 98 00 00 00 04 00 00  00 80 00 00 00 00 00 0F
........ ........
[020] 00 00 00 00 00 04 05 06  07 08 09 0A 0B 0C 0D 0E
........ ........
[030] 0F 10 11 12 13 02 00 00  00 38 42 15 00 02 00 00
........ .8B.....
[040] 00 20 4E 15 00 44 4E 15  00 06 00 00 00 01 06 00  .
N..DN. ........
[050] 00 00 00 00 05 15 00 00  00 7B 00 00 00 C8 01 00
........ .{......
[060] 00 15 03 00 00 7B 00 00  00 DC 05 00 00 06 00 00
.....{.. ........
[070] 00 01 06 00 00 00 00 00  05 15 00 00 00 7B 00 00
........ .....{..
[080] 00 C8 01 00 00 15 03 00  00 7B 00 00 00 DC 05 00
........ .{......
[090] 00 00 00 00 00 00 00 00  00 02 00 0F 00 00 00 00
........ ........
[0A0] 00                                                .

===============================================================
Core
limits now 4194304 2147483647
Dumping core in /usr/local/samba/var/corefiles

No core file are being generated in /usr/local/samba/var/corefiles

Previous RPC commands that also appear in the log file:

LSA_OPENPOLICY
LSA_QUERYINFOPOLICY

The NT workstation is denying access after this error occurs ...

Unfortunately, I don't know what I have done to cause this problem,
so currently I am not being able to reproduce in a precise way what is
happening.

If anyone have any hint in how to debug more precisely this,
I would be glad to know ...

Sincerely,

Andre Gerhard
Systems/Network Administrator
Universidade de Sao Paulo - SP - BRAZIL