[Fwd: Problems with 2.4.2 - msrpc redirect failed]
Phil Mayers
p.mayers at ic.ac.uk
Fri Apr 21 15:36:41 GMT 2000
I'm having problems with the 2.4.2 release on RedHat 6.2
[root at gw samba]# ./configure
[root at gw samba]# make
[root at gw samba]# make install
[root at gw samba]# cp scripts/samba-init.d /usr/local/samba
[root at gw samba]# cd /usr/local/samba
[root at gw samba]# mkdir var
[root at gw samba]# mkdir var/private
[root at gw samba]# touch var/private/smbpasswd
[root at gw samba]# ./samba-init.d start
Starting SMB services: smbd nmbd netlogond samrd browserd lsarpcd
srvsvcd winregd wkssvcd spoolssd
svcctld.
[root at gw samba]# bin/rpcclient -S . -U root%password
added interface ip=192.168.3.1 bcast=192.168.3.255 nmask=255.255.255.0
[root at .]$ createuser root -p password
createuser root -p password
SAM Create Domain User
Domain: MODEMS Name: root ACB: [U ]
Create Domain User: OK
[root at .]$ enumusers
enumusers
SAM Enumerate Users
User RID: 3e8 User Name: root
[root at .]$ quit
quit
=================================
= Everything works fine to here =
=================================
[root at gw samba]# bin/rpcclient -S gw -U root%password
added interface ip=192.168.3.1 bcast=192.168.3.255 nmask=255.255.255.0
Server: \\GW: User: root Domain:
Connection: error connecting to 127.0.0.1:445 (Connection refused)
session setup ok
Domain=[MODEMS] OS=[Unix] Server=[Samba TNG-alpha]
OK
[root at GW]$ enumusers
enumusers
cli_nt_session_open: cli_nt_create failed on pipe \samr to machine GW.
Error was ERRSRV - ERRacces
s (The requester does not have the necessary access rights within
the specified context for
the reque
ncacn_np_use_add: connection failed
please use 'lsaquery' first, to ascertain the SID
Needless to say, using lsaquery doesn't work.
The relevant portion of the log is:
got smb length of 89
got message type 0x0 of len 0x59
Transaction 4 of length 93
size=89
smb_com=0xa2
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=18433
smb_tid=1
smb_pid=16966
smb_uid=102
smb_mid=1
smt_wct=24
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=1280 (0x500)
smb_vwv[3]=1536 (0x600)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=40704 (0x9F00)
smb_vwv[8]=513 (0x201)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_vwv[15]=768 (0x300)
smb_vwv[16]=0 (0x0)
smb_vwv[17]=256 (0x100)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=512 (0x200)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_bcc=6
[000] 5C 73 61 6D 72 00 \samr.
switch message SMBntcreateX (pid 16967)
smb_vwv[18]=0 (0x0)
smb_vwv[19]=0 (0x0)
smb_vwv[20]=0 (0x0)
smb_vwv[21]=512 (0x200)
smb_vwv[22]=0 (0x0)
smb_vwv[23]=0 (0x0)
smb_bcc=6
[000] 5C 73 61 6D 72 00 \samr.
switch message SMBntcreateX (pid 16967)
lookup user 4247,66
000000 vuid_io_key key
0000 pid : 00004247
0004 vuid: 0066
unbecome_to_initial_uid: 127
become_unix_sec_ctx: 0 0 7 0x80b1258
Setting 0 in 7 groups: 0, 1, 2, 3, 4, 6, 10
become_unix_sec_ctx uid=(0,0) gid=(0,0) vuser=(16967,66)
dos_ChDir to /tmp
map_create_disposition: Mapped create_disposition 1 to 1
get_filename: data_offset = 87, data_len = 6, fname_len = 5
nt_open_pipe: Opening pipe \samr.
nt_open_pipe: Known pipe samr opening.
Open pipe requested samr by [16967,66] (pipes_open=0)
lookup user 4247,66
000000 vuid_io_key key
0000 pid : 00004247
0004 vuid: 0066
become_root_depth zero: saving 0 0 7 0x80b1258
become_root: 0 0
ncalrpc_l_use_add
ncalrpc_l_find: samr [16967,66]
ncalrpc_l_find[0]: NETLOGON [16967,65]
unbecome_root: 0 0 7 0x80b1258
0, 1, 2, 3, 4, 6, 10
open pipes: msrpc redirect failed
error packet at line 519 cmd=162 (SMBntcreateX) eclass=2 ecode=4
size=35
smb_com=0xa2
smb_rcls=2
smb_reh=0
smb_err=4
smb_flg=136
smb_flg2=1
smb_tid=1
smb_pid=16966
smb_uid=102
smb_mid=1
smt_wct=0
smb_bcc=0
To be clear:
doing a "net use z: \\gw\root /user:modems\root" works fine - it's the
msrpc redirect that's failing (as far as I can tell, for all RPC
services). It's failing on a comparison of the string "NETLOGON" to
"samr" when trying to identigy the pipe (in ncalrcp_l_find).
*But* doing "rpcclient -S . <stuff>" works OK, which indicates the RPC
services are actually sort-of working.
Things I have tried:
I have all daemons started
I have tried deleting the ./var/locks directory and restarting
I even tried ./configure.developer, putting a sleep() in after the
fork(), attaching xxgdb to the child process and stepping through - it's
definitely failing at that point. ncalrpc_l_use_add is returning false
because it isn't finding the pipe, and the reuse bool parameter is set
to true.
Which raises another point - what's the best way of debugging Samba -
the read-with-timeout means that my method doesn't work too well, and I
don't fancy decoding debug logs, really.
Attached is my smb.conf, and I have a full level debug log available
if anyone wants it.
Cheers,
Phil
-------------- next part --------------
[global]
workgroup = MODEMS
server string = Samba Server TNT-2.4.2-Alpha
# debug level = 100
printcap name = /etc/printcap
load printers = yes
log file = /usr/local/samba/var/log.%m
max log size = 5000
security = user
encrypt passwords = yes
smb passwd file = /usr/local/samba/var/private/smbpasswd
socket options = TCP_NODELAY
interfaces = 192.168.3.1/24
local master = yes
os level = 128
domain master = yes
preferred master = yes
domain logons = yes
logon script = scr.bat
logon path = \\%L\profiles\%U
wins support = yes
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /samba/netlogon
guest ok = yes
writable = no
share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[profiles]
path = /samba/profiles
browseable = no
guest ok = yes
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
browseable = yes
More information about the samba-technical
mailing list