NetApp user lookup on Samba 3.3.5 on AIX.
William Jojo
w.jojo at hvcc.edu
Tue Jun 23 10:23:04 MDT 2009
I scanned the archives and it seems Volker (aren't you lucky!) has has the most exposure to NetApp and Samba issues.
So, Volker, let me pose this to you.
We were able to get NetApp (DataOnTap 7.3.1.1) FAS2050 joined to a Samba domain. We had to set the password of the Machine account to the same as the machine account name in lower case minus the $. That's all good.
The problem is here:
1) We can lookup users in the Samba domain (backed by OpenLDAP 2.4.16) via SID. Reports the user back as DOMAIN\username. Great!
2) We CANNOT lookup users by unqualified or qualified name (username nor DOMAIN\username).
Log level 5 seems to point the issue here:
[2009/06/23 11:57:52, 5] auth/auth_sam.c:logon_hours_ok(119)
logon_hours_ok: user w.jojo allowed to logon at this time (Tue Jun 23 15:57:52 2009
)
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(4294967294, 4294967294) : sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(4294967294, 4294967294) : sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/auth_util.c:make_server_info_sam(635)
make_server_info_sam: made server info for user w.jojo -> w.jojo
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] auth/auth.c:check_ntlm_password(269)
check_ntlm_password: sam authentication for user [w.jojo] succeeded
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(4294967294, 4294967294) : sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 5] auth/auth.c:check_ntlm_password(295)
check_ntlm_password: PAM Account for user [w.jojo] succeeded
[2009/06/23 11:57:52, 2] auth/auth.c:check_ntlm_password(308)
check_ntlm_password: authentication for user [w.jojo] -> [w.jojo] -> [w.jojo] succeeded
[2009/06/23 11:57:52, 5] auth/auth_util.c:free_user_info(2103)
attempting to free (and zero) a user_info structure
[2009/06/23 11:57:52, 5] rpc_server/srv_netlog_nt.c:_netr_LogonSamLogon(965)
_netr_LogonSamLogon: check_password returned status NT_STATUS_OK
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(4294967294, 4294967294) : sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:push_sec_ctx(224)
push_sec_ctx(4294967294, 4294967294) : sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 3] smbd/uid.c:push_conn_ctx(440)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_nt_user_token(522)
NT user token: (NULL)
[2009/06/23 11:57:52, 5] auth/token_util.c:debug_unix_user_token(548)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2009/06/23 11:57:52, 3] smbd/sec_ctx.c:pop_sec_ctx(432)
pop_sec_ctx (4294967294, 4294967294) - sec_ctx_stack_ndx = 0
[2009/06/23 11:57:52, 5] rpc_server/srv_pipe.c:api_rpcTNP(2406)
api_rpcTNP: called netlogon successfully
[2009/06/23 11:57:52, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(500)
free_pipe_context: destroying talloc pool of size 470
[2009/06/23 11:57:52, 5] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1007)
read_from_pipe: too large read (16560) requested on pipe netlogon. We can only service 4280 sized reads.
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_debug(88)
000000 smb_io_rpc_hdr hdr
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0000 major : 05
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0001 minor : 00
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0002 pkt_type : 02
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0003 flags : 03
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0004 pack_type0: 10
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0005 pack_type1: 00
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0006 pack_type2: 00
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0007 pack_type3: 00
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint16(689)
0008 frag_len : 0278
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint16(689)
000a auth_len : 0000
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint32(718)
000c call_id : 00000001
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_debug(88)
000010 smb_io_rpc_hdr_resp resp
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint32(718)
0010 alloc_hint: 00000260
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint16(689)
0014 context_id: 0000
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0016 cancel_ct : 00
[2009/06/23 11:57:52, 5] rpc_parse/parse_prs.c:prs_uint8(624)
0017 reserved : 00
[2009/06/23 11:57:52, 5] smbd/ipc.c:copy_trans_params_and_data(60)
copy_trans_params_and_data: params[0..0] data[0..632] (align 0)
In other words, it seems that NetApp is asking for too large a response and Samba is trying to encourage NetApp to go with a smaller value. It seems Jeremy created this patch based on a Coverity issue (but not really a bug according to the patch information) otherwise I might not have seen this error.
Am I reading this dump correctly and what can we do at this point?
Cheers,
Bill
More information about the samba-technical
mailing list