[Samba] Issues with OS/2 and Samba 4

Dagobert Michelsen dam at opencsw.org
Mon Jun 8 04:19:01 MDT 2015


Hi Jeremy,

Am 02.06.2015 um 17:10 schrieb Jeremy Allison <jra at samba.org>:
> Thanks a lot for checking these things ! No one on the Team
> runs OS/2 so it isn't easy to test we still work with it,
> although we should.
> 
> Can you log bugs for these issues and we will work through
> them with you if you're willing to do the testing work ?

Sure, I will comment inline on the issues with enhanced information.
Just let me know if you need more details.

> On Tue, Jun 02, 2015 at 02:56:07PM +0200, dam wrote:
>> I made some tests with OS/2 (really!) and Samba 4 (tested with
>> 4.1.17) and found some issues:
>> 
>> 1. Domain Logon
>> 
>> When doing a domain logon with "logon" then we get an error message
>> in the log:
>> 
>> [2015/06/02 12:40:07.291956,  2] ../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
>> unknown netlogon op 0 from 10.144.41.131:138
>> [2015/06/02 12:40:07.292269,  1]
>> ../librpc/ndr/ndr.c:296(ndr_print_debug)
>>     netlogon: struct nbt_netlogon_packet
>>        command                  : LOGON_REQUEST (0)
>>        req                      : union nbt_netlogon_request(case 0)
>>        logon0: struct NETLOGON_LOGON_REQUEST
>>            computer_name            : 'TS-20107'
>>            user_name                : 'TS'
>>            mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
>>            request_count            : 0x00 (0)
>>            lmnt_token               : 0x0001 (1)
>>            lm20_token               : 0xffff (65535)

Our smb.conf looks like this:

> # Global parameters
> [global]
> workgroup = GEBECODOM
> realm = GEBECODOM.GEBECO.DE
> netbios name = SAMBA
> server role = active directory domain controller
> dns forwarder = 10.144.42.2
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
> idmap_ldb:use rfc2307 = yes
> interfaces = ipmi0:2 lo0:2
> interfaces = 10.144.42.16/22 127.0.0.1/32
> bind interfaces only = yes
> 
> log file = /var/adm/samba.log
> max log size = 10000
> log level =  99 dns:1
> debug timestamp = yes
> 
> lanman auth = Yes
> lm announce = Yes
> lm interval = 30
> 
> client lanman auth = yes
> 
> 
> [netlogon]
> path = /var/opt/csw/samba/locks/sysvol/gebecodom.gebeco.de/scripts
> read only = No
> 
> [sysvol]
> path = /var/opt/csw/samba/locks/sysvol
> read only = No
> 
> [demo]
> path = /export/home/demo
> read only = no

On OS/2 the following commands are issued:

> logon /V:D
>> ts / pwd / GEBECODOM
> ...wait
> "domain controller could not be found"

Samba is logging the following error messages:

> samba log (loglevel = 99 dns:1 )
> SAMBA-Server IP : 10.144.42.16
> OS2 CLIENT IP   : 10.144.41.131
> 
> [2015/06/08 12:03:04.476133,  5, pid=5874, effective(0, 0), real(0, 0)] ../source4/libcli/dgram/dgramsocket.c:65(dgm_socket_recv)
> Received dgram packet of length 218 from 10.144.40.20:138
> [2015/06/08 12:03:04.476347,  5, pid=5874, effective(0, 0), real(0, 0)] ../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
> netlogon request to GEBECODOM<00> from 10.144.40.20:138
> [2015/06/08 12:03:04.476402,  2, pid=5874, effective(0, 0), real(0, 0)] ../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
> unknown netlogon op 0 from 10.144.40.20:138
> [2015/06/08 12:03:04.476439,  1, pid=5874, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug)
>      netlogon: struct nbt_netlogon_packet
>         command                  : LOGON_REQUEST (0)
>         req                      : union nbt_netlogon_request(case 0)
>         logon0: struct NETLOGON_LOGON_REQUEST
>             computer_name            : 'NOTFALL2'
>             user_name                : 'TS'
>             mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
>             request_count            : 0x00 (0)
>             lmnt_token               : 0x0001 (1)
>             lm20_token               : 0xffff (65535)
> [2015/06/08 12:03:04.476628,  5, pid=5874, effective(0, 0), real(0, 0)] ../source4/libcli/dgram/dgramsocket.c:65(dgm_socket_recv)
> Received dgram packet of length 202 from 10.144.42.172:138

The network snoop for the domain logon looks like this:

-------------- next part --------------



>> When looking at the current source the respective LOGON_REQUEST is
>> missing from the switch at
>> https://git.samba.org/?p=samba.git;a=blob;f=source4/nbt_server/dgram/netlogon.c;h=0e5294cb94c42c13ef38d70885303998c75a7a39;hb=HEAD#l176
>> 
>> In Samba 3 this branch was still present and domain logon worked.



Best regards

? Dago


-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896



More information about the samba mailing list