[Samba] Domain trust between Samba 3.5.9 and Windows 2008 Active Directory crashes lsass.exe which makes AD Domain Controller reboot
Tim Wright
Tim.W at gordian.co.uk
Fri Aug 5 04:47:57 MDT 2011
Have some more information on this - looking at a packet capture of
traffic between the AD DC and the Samba PDC, the last packet it sends is a
"Session Setup AndX Request, NTLMSSP_AUTH" message but the NTLM SSP bit of
the packet has User and Domain set to NULL. Turned up the debug level on
the samba side and see the following in the logs (sorry have include
preamble to final message in case it's of any use in diagnosing the
problem):
2011/08/05 11:06:04.401900, 5]
auth/auth.c:481(make_auth_context_subsystem)
Making default auth method list for DC, security=user, encrypt passwords
= yes
[2011/08/05 11:06:04.402126, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend sam
[2011/08/05 11:06:04.402268, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'sam'
[2011/08/05 11:06:04.402379, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2011/08/05 11:06:04.402487, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2011/08/05 11:06:04.402603, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend unix
[2011/08/05 11:06:04.402711, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'unix'
[2011/08/05 11:06:04.402816, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend winbind
[2011/08/05 11:06:04.402929, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'winbind'
[2011/08/05 11:06:04.403042, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend wbc
[2011/08/05 11:06:04.403150, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'wbc'
[2011/08/05 11:06:04.403289, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend smbserver
[2011/08/05 11:06:04.403398, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'smbserver'
[2011/08/05 11:06:04.403531, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend trustdomain
[2011/08/05 11:06:04.403649, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'trustdomain'
[2011/08/05 11:06:04.403755, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend ntdomain
[2011/08/05 11:06:04.403862, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'ntdomain'
[2011/08/05 11:06:04.403968, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend guest
[2011/08/05 11:06:04.404075, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'guest'
[2011/08/05 11:06:04.404190, 5] auth/auth.c:46(smb_register_auth)
Attempting to register auth backend netlogond
[2011/08/05 11:06:04.404298, 5] auth/auth.c:58(smb_register_auth)
Successfully added auth method 'netlogond'
[2011/08/05 11:06:04.404404, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2011/08/05 11:06:04.404533, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method guest has a valid init
[2011/08/05 11:06:04.404650, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam
[2011/08/05 11:06:04.404760, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method sam has a valid init
[2011/08/05 11:06:04.404868, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match
winbind:trustdoma
in
[2011/08/05 11:06:04.404978, 5] auth/auth.c:383(load_auth_module)
[2011/08/05 11:06:04.404978, 5] auth/auth.c:383(load_auth_module)
load_auth_module: Attempting to find an auth method to match trustdomain
[2011/08/05 11:06:04.405098, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method trustdomain has a valid init
[2011/08/05 11:06:04.405205, 5] auth/auth.c:408(load_auth_module)
load_auth_module: auth method winbind has a valid init
[2011/08/05 11:06:04.405501, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_LM_KEY
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP_NEGOTIATE_56
[2011/08/05 11:06:04.406184, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module guest did not want to specify a challenge
[2011/08/05 11:06:04.406292, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module sam did not want to specify a challenge
[2011/08/05 11:06:04.406408, 5] auth/auth.c:97(get_ntlm_challenge)
auth_get_challenge: module winbind did not want to specify a challenge
[2011/08/05 11:06:04.406521, 5] auth/auth.c:132(get_ntlm_challenge)
auth_context challenge created by random
[2011/08/05 11:06:04.406627, 5] auth/auth.c:133(get_ntlm_challenge)
challenge is:
[2011/08/05 11:06:04.406730, 5] ../lib/util/util.c:278(_dump_data)
[0000] 74 0C 51 36 68 7B 3F 72 t.Q6h{?r
[2011/08/05 11:06:04.407383, 5] lib/util.c:617(show_msg)
[2011/08/05 11:06:04.407446, 5] lib/util.c:627(show_msg)
size=264
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51203
smb_tid=65535
smb_pid=65279
smb_uid=100
smb_mid=64
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 167 (0xA7)
smb_bcc=221
[2011/08/05 11:06:04.409709, 6] smbd/process.c:1486(process_smb)
got message type 0x0 of len 0xbc
[2011/08/05 11:06:04.409835, 3] smbd/process.c:1489(process_smb)
Transaction 2 of length 192 (0 toread)
[2011/08/05 11:06:04.409948, 5] lib/util.c:617(show_msg)
[2011/08/05 11:06:04.410006, 5] lib/util.c:627(show_msg)
size=188
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51207
smb_tid=65535
smb_pid=65279
smb_uid=100
smb_mid=128
smt_wct=12
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]=16644 (0x4104)
smb_vwv[ 3]= 50 (0x32)
smb_vwv[ 4]= 0 (0x0)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 0 (0x0)
smb_vwv[ 7]= 125 (0x7D)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]= 0 (0x0)
smb_vwv[10]= 212 (0xD4)
smb_vwv[11]=40960 (0xA000)
smb_bcc=129
[2011/08/05 11:06:04.412256, 3] smbd/process.c:1298(switch_message)
switch message SMBsesssetupX (pid 18499) conn 0x0
[2011/08/05 11:06:04.412370, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/08/05 11:06:04.412482, 5]
auth/token_util.c:525(debug_nt_user_token)
NT user token: (NULL)
[2011/08/05 11:06:04.412596, 5]
auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2011/08/05 11:06:04.412860, 5] smbd/uid.c:369(change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2011/08/05 11:06:04.413027, 3]
smbd/sesssetup.c:1458(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2011/08/05 11:06:04.413135, 2]
smbd/sesssetup.c:1413(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old
resources.
[2011/08/05 11:06:04.413279, 3]
smbd/sesssetup.c:1212(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2011/08/05 11:06:04.413446, 3]
smbd/sesssetup.c:1254(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2011/08/05 11:06:04.413632, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth)
Got user=[] domain=[] workstation=[LIVEDC] len1=1 len2=0
tim
************************************************************
For further information on Gordian Knot Limited ("Gordian") and/or Theta Corporation ("Theta") please visit our website at http://www.gordian.co.uk or call +44 20 7290 9901.
The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient of this e-mail you may not copy, forward, disclose or otherwise use any part of it or any attachment in any way or in any form whatsoever. If you have received this message in error, please notify the sender immediately by telephone or return e-mail and delete it and any attachment(s) from your system.
Gordian is a company registered in England with company number 2853833 at the following address Lansdowne House, Berkeley Square, London, W1J 6AB, England.
In accordance with the FSA's Rules Theta is Gordian's client. Gordian does not have a client relationship with any other person and does not owe regulatory duties to any other person under the Conduct of Business Rules or other parts of the FSA's Rules. Gordian is not responsible to you for providing the same protections as those afforded to Theta, or for providing advice in relation to investing in Theta.
More information about the samba
mailing list