[Samba] "Samba 4" - "smbd"; "can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL" error but only for a single domain user ("Server 2008 R2" domain, "Server 2008" functional level forest).
Tris Mabbs
TM-Samba201302 at Firstgrade.Co.UK
Fri Mar 15 11:59:28 MDT 2013
>> So it seems that with these changes, "kerberos_decode_pac()" is never
>> entered with "client_principal" anything other than a NULL pointer.
>>
>> So I'm (very) happy that these changes fix my problem. However it
>> does seem a little curious that "client_principal" now never appears
>> to be set - I don't know whether that's expected behaviour?
>
> It isn't, we need to look into that some more.
More than happy to - let me know what you want put where and it'll be done.
Meanwhile, having cleared them out recently, I currently have ~3,600 PAC dumps, not a single one with the Kerberos principal in the name (every one's a PID based name).
On the plus side, still nary a core dump:
------->Cut here:
# find /var/samba4/log/cores/ -type f
#
<-------Cut here.
> Does the ndrdump run you did before now pass fine?
Yes, runs perfectly:
------->Cut here:
% /var/tmp/samba/samba-master/samba-gd/bin/ndrdump krb5pacdecode_pac in PAC-NDR-1819
pull returned NT_STATUS_OK
decode_pac: struct decode_pac
in: struct decode_pac
pac: struct PAC_DATA
num_buffers : 0x00000005 (5)
version : 0x00000000 (0)
buffers: ARRAY(5)
buffers: struct PAC_BUFFER
type : PAC_TYPE_LOGON_INFO (1)
_ndr_size : 0x00000248 (584)
info : *
info : union PAC_INFO(case 1)
logon_info: struct PAC_LOGON_INFO_CTR
...
buffers: struct PAC_BUFFER
type : PAC_TYPE_KDC_CHECKSUM (7)
_ndr_size : 0x00000014 (20)
info : *
info : union PAC_INFO(case 7)
kdc_cksum: struct PAC_SIGNATURE_DATA
type : KERB_CHECKSUM_HMAC_MD
5 (0xFFFFFF76)
signature : DATA_BLOB length=16
[0000] 3B 96 CC BB BB 9D E4 57 13 C9 6D 1C 65 A0 B1 1B ;......W ..m.e...
RODCIdentifier : 0x0000 (0)
_pad : 0x00000000 (0)
dump OK
%
<------- Cut here.
Large amounts of data, all looking absolutely fine.
So definite progress ...
Many thanks, regards, and have a great weekend everyone,
Tris.
More information about the samba-technical
mailing list