[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)

pisymbol . pisymbol at gmail.com
Wed May 25 18:38:55 UTC 2016


Hello:

Platform: CentOS 6.7 x86-64

$ rpm -qa | grep samba
samba-common-3.6.23-30.el6_7.x86_64
samba4-libs-4.2.10-6.el6_7.x86_64
ie-samba-utils-3.6.13-7.x86_64
samba-winbind-3.6.23-30.el6_7.x86_64
samba-client-3.6.23-30.el6_7.x86_64
samba-winbind-clients-3.6.23-30.el6_7.i686
samba-winbind-clients-3.6.23-30.el6_7.x86_64

Problems began after requiring SMB signing (I forgot the specifics but
it was related to CVE-2016-2111 and the one before it I think).

 I had to enable support for signatures on the NetApp (I'm using their
latest patched 8.2.4P3D1 firmware too however it looks like it fails
on older releases of OnTap as well) as per their KB. That worked for
now making commands like rpcclient working.

However, this now breaks the 'net' command:

$ sudo net -d10 -U someuser%somepass -S <netapp hostname> share
....
ntlmssp3_handle_neg_flags: Got challenge flags[0x60898205] - possible
downgrade detected! missing_flags[0x00000010] -
NT_STATUS_RPC_SEC_PKG_ERROR
Got NTLMSSP neg_flags=0x00000010
  NTLMSSP_NEGOTIATE_SIGN
neg_flags[0x60088205]
Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: NT_STATUS_RPC_SEC_PKG_ERROR
lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
did you forget to run kinit?
     NetShareEnum: struct NetShareEnum
        out: struct NetShareEnum
            buffer                   : *
                buffer                   : NULL
            entries_read             : *
                entries_read             : 0x00000000 (0)
            total_entries            : *
                total_entries            : 0x00000000 (0)
            resume_handle            : *
                resume_handle            : 0x00000000 (0)
            result                   : UNKNOWN_ENUM_VALUE (1003)
return code = 1003

What is UNKNOWN ENUM VALUE (1003)?

Note that disabling spnego does resolve this but then breaks the
rpcclient command.

Is this pilot error on my part or a real issue?

-aps



More information about the samba mailing list