[Samba] problem connecting DFS-share with winXP - successful with Vista & 7

[David Merhar]

Anyone?

I am seeing the same behavior - DFS shares visible in Vista and 7, but  
not XP - though I have not spotted the same detail at session setup.

No problem with XP until recently when we applied a domain wide group  
policy update and latest windows updates.  Can't go backwards on the  
policy.

samba-3.5.4
security = ads

Thanks.

djm



On Dec 20, 2010, at 4:19 AM, Steffen Frömer wrote:

>
> Hi,
>
> i have problems connecting to DFS-Share from Client WindowsXP. Same  
> configuration works fine for Windows Vista and 7. On Windows 7 the  
> LMCompatibility Level is 3.
>
> the striking point I see in logfile is following
>
> 2010/12/20 10:30:17,  1] smbd/service.c:make_connection_snum(1119)
>  10.184.144.171 (10.184.144.171) signed connect to service applbin  
> initially as user useracc (uid=45110, gid=45110) (pid 20312)
> [2010/12/20 10:30:17,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/12/20 10:30:17,  2] smbd/reply.c:reply_tcon_and_X(789)
>  Serving applbin as a Dfs root
> [2010/12/20 10:30:17,  3] smbd/reply.c:reply_tcon_and_X(794)
>  tconX service=APPLBIN
> [2010/12/20 10:30:17,  3] smbd/process.c:process_smb(1576)
>  Transaction 3 of length 1404 (0 toread)
> [2010/12/20 10:30:17,  3] smbd/process.c:switch_message(1393)
>  switch message SMBsesssetupX (pid 20312) conn 0x0
> [2010/12/20 10:30:17,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/12/20 10:30:17,  3] smbd/sesssetup.c:reply_sesssetup_and_X(1412)
>  wct=12 flg2=0xc807
> [2010/12/20 10:30:17,  3] smbd/ 
> sesssetup.c:reply_sesssetup_and_X_spnego(1175)
>  Doing spnego session setup
> [2010/12/20 10:30:17,  3] smbd/ 
> sesssetup.c:reply_sesssetup_and_X_spnego(1210)
>  NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows  
> 2002 5.1] PrimaryDomain=[]
> [2010/12/20 10:30:17,  3] smbd/sesssetup.c:reply_spnego_negotiate(802)
>  reply_spnego_negotiate: Got secblob of size 1172
> [2010/12/20 10:30:17,  3] libads/authdata.c:decode_pac_data(301)
>  Found account name from PAC: CLIENTXP$ []
> [2010/12/20 10:30:17,  3] smbd/sesssetup.c:reply_spnego_kerberos(356)
>  Ticket name is [CLIENTXP$@DOMAIN.LOCAL]
> [2010/12/20 10:30:17,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
>  Username DOMAIN00\CLIENTXP$ is invalid on this system
> [2010/12/20 10:30:17,  3] smbd/error.c:error_packet_set(61)
>  error packet at smbd/sesssetup.c(480) cmd=115 (SMBsesssetupX)  
> NT_STATUS_LOGON_FAILURE
>
>
> On Windows Vista the Same Section in logfile shows different account- 
> name:
>
>  Doing spnego session setup
> [2010/12/20 09:12:29,  3] smbd/ 
> sesssetup.c:reply_sesssetup_and_X_spnego(1210)
>  NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
> [2010/12/20 09:12:29,  3] smbd/sesssetup.c:reply_spnego_negotiate(802)
>  reply_spnego_negotiate: Got secblob of size 6566
> [2010/12/20 09:12:29,  3] libads/authdata.c:decode_pac_data(301)
>  Found account name from PAC: USERACC [Nachname, Vorname]
> [2010/12/20 09:12:29,  3] smbd/sesssetup.c:reply_spnego_kerberos(356)
>  Ticket name is [USERACC at DOMAIN.LOCAL]
>
>
> The difference i see, is that on windows XP the system don't take  
> the username of connecting account, although it is grabbed in start  
> of session-log.
>
> [2010/12/20 10:30:17,  3] libads/authdata.c:decode_pac_data(301)
>  Found account name from PAC: USERACC [Nachname, Vorname]
> [2010/12/20 10:30:17,  3] smbd/sesssetup.c:reply_spnego_kerberos(356)
>  Ticket name is [EFROEM1 at DOMAIN.LOCAL]
>
> Has someone an idea, how i can fix this problem.
> This problem only occurs, if i connect via DFS Master. If i connect  
> directly to the Share, all is successful.
>
>
>
> [complete Logfile]: http://paste.ubuntu.com/545870/
> [config DFS-master]: http://paste.ubuntu.com/545874/
> [config client]: http://paste.ubuntu.com/545873/
>
>
> Regards,
> Steffen
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba