[Samba] ethereal dump analysis (was: smbspool to Windows 2000 Server: "ERRgeneral opening remote file")

Marc Haber mh+samba at zugschlus.de
Fri Jun 18 15:53:42 GMT 2004 

OK, I have now done a little more in-depth analysis with Ethereal. A
full log is available in private on request.

On Fri, Jun 18, 2004 at 03:22:20PM +0200, Marc Haber wrote:
> Trying to print with smbclient gives the same error message, and
> smbclient's queue command gives no output while there are jobs in the
> queue that should be displayed.
> 
> An strace of smbclient suggests that the error message is indeed
> generated from and error code returned by the server (but the error
> message is not in the server's answer in clear text, so I suspect some
> error number that is translated to the clear text on the client).

Disclaimer: As a mainly Unix guy, I don't have too much clue about the
SMB protocol.

The trace was built by:
$ smbclient //server/printer <password> -U domain/account --debug=10
Domain=[domain] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \> print Makefile
ERRHRD - ERRgeneral (General failure.) opening remote file Makefile
smb: \> quit

I am condensing the trace, omitting what I find irrelevant.

Frame  7: UDP Client => DNS.53, DNS Query for the server: type A, class inet
Frame  8: UDP DNS.53 => Client, DNS Response, Host address a.b.c.d
Frame  9: TCP Client.33513 => Server.445, SYN
Frame 10: TCP Server.445 => Client. 33513, SYN/ACK
Frame 11: TCP Client.33513 => Server.445, ACK
Frame 12: TCP Client.33513 => Server.445, SMB Command Negotiate
	  Protocol, STATUS_SUCCESS Negotiate Protocol Request,
	  Requested Dialects: PC NETWORK PROGRAM 1.0, MICROSOFT
	  NETWORKS 1.03, MICROSOFT NETWORKS 3.0, LANMAN1.0, LM1.2X002,
	  DOS LANMAN2.1 Samba, NT LANMAN 1.0, NT LM 0.12
Frame 13: TCP Server.445 => Client.33513,
          SMB Command Negotiate Protocol, STATUS_SUCCESS
	  Negotiate Protocol Response, Dialect Index: 8, greater than
          LANMAN2.1, Security Mode: 0x07, Capabilities: 0x8000f3fd
Frame 14: TCP Client.33513 => Server.445, ACK
Frame 15: TCP Client.33513 => Server.445
          SMB Command: Session Setup AndX (0x73)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x08 Flags2: 0xc805
	  Session Setup AndX Request (0x73)
	  AndXCommand: No further commands (0xff)
	  Capabilities: 0x8000005c
	  GSS-API OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
	  OID: 1.3.6.1.4.1.311.2.2.10
	  NTLM Message Type: NTLMSSP_NEGOTIATE
	  Flags: 0x60080215
	  Calling workstation domain: ZG2
	  Calling workstation name: VASH
	  Native OS: Unix
	  Native LAN Manager: Samba
Frame 16: TCP Server.445 => Client.33513
      	  SMB Command: Session Setup AndX (0x73)
	  NT Status: STATUS_MORE_PROCESSING_REQUIRED (0xc0000016)
	  Flags: 0x88 Flags2: 0xc805
	  Session Setup AndX Response (0x73)
	  AndXCommand: No further commands (0xff)
	  Action: 0x0000
	  GSS-API SPNEGO negTokenTarg negResult: Accept Incomplete (0x0001)
	  supportedMech: 1.3.6.1.4.1.311.2.2.10
	  responseToken NTLMSSPNTLMSSP identifier: NTLMSSP 
	  NTLM Message Type: NTLMSSP_CHALLENGE
	  Domain: <domain>
	  Flags: 0x62890215
	  Address List
	  Domain NetBIOS Name: <snip>
	  Server NetBIOS Name: <snip>
	  Domain DNS Name: <snip>
	  Server DNS Name: <snip>
	  List Terminator
	  mechListMIC NTLMSSP NTLMSSP identifier: NTLMSSP
	  NTLM Message Type: NTLMSSP_CHALLENGE
	  Domain: <domain>
	  Flags: 0x62890215
	  Address List
	  Domain NetBIOS Name: <snip>
	  Server NetBIOS Name: <snip>
	  Domain DNS Name: <snip>
	  Server DNS Name: <snip>
	  List Terminator
	  Native OS: Windows 5.0
	  Native LAN Manager: Windows 2000 LAN Manager
Frame 17: TCP Client.33513 => Server.445
          SMB Command: Session Setup AndX (0x73)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x08 Flags2: 0xc805
	  Session Setup AndX Request (0x73)
	  AndXCommand: No further commands (0xff)
	  Capabilities: 0x8000005c
	  GSS-API SPNEGO negTokenTarg responseToken NTLMSSP
	  NTLMSSP identifier: NTLMSSP 
	  NTLM Message Type: NTLMSSP_AUTH (0x00000003)
	  Lan Manager Response: <snip>
	  NTLM Response:
	  Domain name:
	  User name:
	  Host name:
	  Session Key:
	  Flags: 0x60080215
	  Native OS: Unix
	  Native LAN Manager: Samba
Frame 18: TCP Server.445 => Client.33513
      	  SMB Command: Session Setup AndX (0x73)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x88 Flags2: 0xc805
	  Session Setup AndX Response (0x73)
	  Action: 0x0000
	  GSS-API SPNEGO negTokenTarg negResult: Accept Completed (0x0000)
	  Native OS: Windows 5.0
	  Native LAN Manager: Windows 2000 LAN Manager
Frame 19: TCP Client.33513 => Server.445
          SMB Command: Tree Connect AndX (0x75)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x08 Flags2: 0xc805
	  Tree Connect AndX Request (0x75)
	  AndXCommand: No further commands (0xff)
	  Flags: 0x0000
	  Password Length: 1
	  Password: 00
	  Path: \\server\printer
	  Service: ?????
Frame 20: TCP Server.445 => Client.33513
          SMB Command: Tree Connect AndX (0x75)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x88 Flags2: 0xc805
	  Tree Connect AndX Response (0x75)
	  AndXCommand: No further commands (0xff)
	  Optional Support: 0x0001
	  Service: LPT1:
	  Native File System:
Frame 21: TCP Client.33513 => Server.445
          SMB Command: Check Directory (0x10)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x08 Flags2: 0xc805
	  Directory: \
Frame 22: TCP Server.445 => Client.33513
      	  SMB Command: Check Directory (0x10)
	  NT Status: STATUS_ACCESS_DENIED (0xc0000022)
	  Flags: 0x88  Flags2: 0xc805
Frame 25: TCP Client.33513 => Server.445, ACK
Frame 32: TCP Client.33513 => Server.445
      	  SMB Command: Open AndX (0x2d)
	  NT Status: STATUS_SUCCESS (0x00000000)
	  Flags: 0x08 Flags2: 0xc805
	  Open AndX Request (0x2d)
	  AndXCommand: No further commands (0xff)
	  Flags: 0x0000 Desired Access: 0x0042
	  Search Attributes: 0x0006 File Attributes: 0x00000000
	  Created: Jan  1, 1970 00:00:00.000000000
	  Open Function: 0x0012
	  File Name: Makefile
Frame 33: TCP Server.445 => Client.33513
      	  SMB Command: Open AndX (0x2d)
	  Error Class: Hardware Error (0x03)
	  Error Code: General failure
	  Flags: 0x88 Flags2: 0x8805
Frame 34: TCP Client.33513 => Server.445, ACK

As far as I recon, authentication succeeds fine. What I find odd is
that the client, in Frame 19, Sends a password of "00", and a Service
that ethereal cannot parse. In Frame 20, the server sends back "LPT1"
as a service, but the printer in question is not connected to any
parallel port. In Frame 21, the client requests access to directory
"\" which seems to be missing the drive letter, which the server in
Frame 22 promptly rejects (that fact isn't logged. Can I tell NT to
log access violations more verbosely?). smbclient seems to ignore the
error message and tries to open a file on the share that is not
successfully opened and gets back the general failure error message
that is relayed to the user.

Again: I am not by any means an SMB expert, so my analysis may be
wrong. The full ethereal analysis is available on request as is the
raw dump file. But I surely hope that I delievered enough information
for better analysis. Any hints will be greatly appreciated.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Karlsruhe, Germany |  lose things."    Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature |  How to make an American Quilt | Fax: *49 721 966 31 29

More information about the samba mailing list