Problem with SAMRD

Luke Kenneth Casson Leighton lkcl at samba.org
Mon Jan 31 23:23:56 GMT 2000


i literally just spotted this, the arguments are the wrong way round so
there are 0x3e8 RIDs being looked up, which is of course wrong.

On Tue, 1 Feb 2000, G. Naik wrote:

> I am logging in with an NT workstation, and upon login, samrd panics and
> core dumps, it also occurs on a logout.  
> 
> I am using roaming profiles, the PDC is the latest (today's TNG) running
> on FreeBSD 3.4.  
> 
> A few attempts, later, NT will report that the PDC could not be found.  
> 
> gdb info:
> ---------------
> 
> This GDB was configured as "i386-unknown-freebsd"...
> Core was generated by `samrd'.
> Program terminated with signal 6, Abort trap.
> Reading symbols from /usr/local/samba/lib/libsmbpw.so.0...done.
> Reading symbols from /usr/local/samba/lib/libmsrpc.so.0...done.
> Reading symbols from /usr/local/samba/lib/libsmb.so.0...done.
> Reading symbols from /usr/local/samba/lib/libnmb.so.0...done.
> Reading symbols from /usr/local/samba/lib/libsamba.so.0...done.
> Reading symbols from /usr/local/samba/lib/libubiqx.so.0...done.
> Reading symbols from /usr/lib/libreadline.so.3...done.
> Reading symbols from /usr/lib/libcrypt.so.2...done.
> Reading symbols from /usr/lib/libpam.so.1...done.
> Reading symbols from /usr/lib/libcurses.so.2...done.
> Reading symbols from /usr/lib/libc.so.3...done.
> Reading symbols from /usr/lib/libtermcap.so.2...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0  0x281e2b60 in kill () from /usr/lib/libc.so.3
> (gdb) 
> (gdb) where
> #0  0x281e2b60 in kill () from /usr/lib/libc.so.3
> #1  0x28217028 in abort () from /usr/lib/libc.so.3
> #2  0x28144e97 in smb_panic (why=0x28152ad5 "internal error")
>     at lib/util.c:2110
> #3  0x2813cde1 in fault_report (sig=11) at lib/fault.c:46
> #4  0x2813ce38 in sig_fault (sig=11) at lib/fault.c:69
> #5  0xbfbfdfcc in ?? ()
> #6  0x8053816 in api_samr_lookup_rids (p=0x806aa00, data=0x806aa00, 
>     rdata=0x806aa2c) at rpc_server/srv_samr.c:611
> #7  0x8059bab in api_rpc_command (l=0x806aa00, 
>     rpc_name=0x805cf30 "api_samr_rpc", api_rpc_cmds=0x8060338)
>     at rpc_server/srv_pipe_srv.c:573
> #8  0x8059c2e in api_rpcTNP (l=0x806aa00, rpc_name=0x805cf30
> "api_samr_rpc", 
>     api_rpc_cmds=0x8060338) at rpc_server/srv_pipe_srv.c:602
> #9  0x8053e99 in api_samr_rpc (p=0x806aa00) at rpc_server/srv_samr.c:959
> #10 0x80597c4 in api_pipe_request (l=0x806aa00, name=0xbfbfdbc8 "samr", 
>     resp=0x806aa88) at rpc_server/srv_pipe_srv.c:391
> #11 0x80599be in rpc_redir_local (l=0x806aa00, req=0x806aa5c,
> resp=0x806aa88, 
>     name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:500
> #12 0x8059d04 in rpc_local (l=0x806aa00, data=0x8065300 "\005", len=64, 
>     name=0xbfbfdbc8 "samr") at rpc_server/srv_pipe_srv.c:629
> #13 0x804f795 in process_msrpc (p=0xbfbfdbc8, c=6)
>     at msrpc/msrpcd_process.c:163
> #14 0x805007d in msrpcd_process (fn=0x8060314, c=6, p=0xbfbfdbc8)
>     at msrpc/msrpcd_process.c:509
> #15 0x804f5f9 in main (argc=2, argv=0xbfbfdcf8) at msrpc/msrpcd.c:567
> #16 0x804e909 in _start ()
> ------------------------------------
> 
> samr.log
> ------------------------------------
> api_pipe_request: validated auth
> Doing \PIPE\samr
> api_rpc_command: api_samr_rpc op 0x12 - api_rpc_command: SAMR_LOOKUP_RIDS
> 000008 samr_io_q_lookup_rids 
>     000008 smb_io_pol_hnd pol
>         0008 data: 00 00 00 00 02 00 00 00 00 00 00 00 26 17 96 38 93 20
> 01 00 
>     001c num_rids1: 00000001
>     0020 flags    : 000003e8
>     0024 ptr      : 00000000
>     0028 num_rids2: 00000001
>     002c rid[00]  : 00001520
> samr_lookup_rids: 1501
> Found policy hnd[2] [000] 00 00 00 00 02 00 00 00  00 00 00 00 26 17 96 38
> ....... ....&..8
> [010] 93 20 01 00                                       . .. 
> Found policy hnd[2] [000] 00 00 00 00 02 00 00 00  00 00 00 00 26 17 96 38
> ....... ....&..8
> [010] 93 20 01 00                                       . .. 
> Getting policy state pnum=2
> sid_to_string returning S-1-5-21-4156153-2665413409-1581556546
> Getting policy sid=S-1-5-21-4156153-2665413409-1581556546
> ===============================================================
> INTERNAL ERROR: Signal 11 in pid 73875 (TNG-prealpha)
> Please read the file BUGS.txt in the distribution
> ===============================================================
> -------------------------------------------
> relevant sections of smb.conf:
> [global]
>         domain logons = yes
>         domain master = yes
>         preferred master = yes
>         os level = 33
>         security = user
>         workgroup = STAFF
>         encrypt passwords = yes
>         time server = yes
>         wins support = yes
>         debug level = 100
>         log file = /usr/local/samba/var/%m.log
>         max log size = 100
>         socket options = TCP_NODELAY 
>         domain group map = /usr/local/samba/private/domaingroup.map
> 
> --------------------------------------
> 
> Thanks Guys!
> 
> ---
> Gaurav Naik ("g")       | C A R R O L L - N E T, Inc.
> 201-488-1332            | www.carroll.com 
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
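
An added example, not part of the original thread and not Samba's code: it models the failure described in the reply, where the flags value (0x3e8 in the samr.log dump) lands in the count parameter, and shows a lookup routine that rejects a count larger than the RID array it was actually given. The struct layout, function names and the MAX_LOOKUP_RIDS cap are hypothetical; the sample request is constructed from the field values printed in the quoted log.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LOOKUP_RIDS 32u /* assumed server-side cap, not a Samba constant */

/* Fields named as in the quoted samr.log dump; the layout is hypothetical. */
struct lookup_rids_req {
    uint32_t num_rids1, flags, ptr, num_rids2;
    const uint32_t *rid; /* RIDs actually unmarshalled from the request */
    size_t rid_len;      /* number of elements in rid[] */
};

/* Constructed sample: num_rids1=1, flags=0x3e8, ptr=0, num_rids2=1, rid[0]=0x1520 */
static const uint32_t sample_rids[] = { 0x00001520 };
static const struct lookup_rids_req sample_req = { 1, 0x3e8, 0, 1, sample_rids, 1 };

/* Copies count RIDs to out[]; returns the count, or -1 if the count cannot be
 * trusted. A loop without the check would walk count entries regardless of
 * how many the request really carried. */
int lookup_rids_checked(uint32_t count, uint32_t flags,
                        const uint32_t *rid, size_t rid_len, uint32_t *out)
{
    (void)flags; /* not interpreted in this model */
    if (rid == NULL || out == NULL)
        return -1;
    if (count > MAX_LOOKUP_RIDS || count > rid_len)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        out[i] = rid[i];
    return (int)count;
}

/* Caller with count and flags transposed: 0x3e8 becomes the RID count. */
int dispatch_swapped(const struct lookup_rids_req *q, uint32_t *out)
{
    return lookup_rids_checked(q->flags, q->num_rids1, q->rid, q->rid_len, out);
}

/* Caller with the arguments in order, plus a cross-check of the two counts. */
int dispatch_correct(const struct lookup_rids_req *q, uint32_t *out)
{
    if (q->num_rids1 != q->num_rids2)
        return -1;
    return lookup_rids_checked(q->num_rids1, q->flags, q->rid, q->rid_len, out);
}

int main(void)
{
    uint32_t out[MAX_LOOKUP_RIDS];
    printf("swapped: %d\n", dispatch_swapped(&sample_req, out));
    printf("correct: %d\n", dispatch_correct(&sample_req, out));
    return 0;
}
```

With the bounds check in place the transposed call fails cleanly instead of reading past the single RID in the request.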



More information about the samba-ntdom mailing list