[Samba] samba 4.4.14 breaks classic domain
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Jun 21 15:55:47 UTC 2017
I increased the logging to 10 on the problem member server. Didn't see
anything of interest.
I did a packet capture on the PDC while typing " net rpc testjoin" from
both the problem member server (4.4.14) and a working member server
(4.4.13)
e.g
SMB: ----- SMB Header -----
SMB:
SMB: CLIENT REQUEST
SMB: Command code = 0x72
SMB: Command name = SMBnegprot
SMB:
SMB: SMB Status:
SMB: - Error class = No error
SMB: - Error code = No error
SMB:
SMB: Header:
SMB: - Tree ID (TID) = 0x0000
SMB: - Process ID (PID) = 0xfffe
SMB: - User ID (UID) = 0x0000
SMB: - Multiplex ID (MID) = 0x0000
SMB: - Flags summary = 0x18
SMB: - Flags2 summary = 0xc843
SMB:
SMB: ByteCount = 49
SMB: Dialect String = NT LANMAN 1.0
SMB: Dialect String = NT LM 0.12
SMB: Dialect String = SMB 2.002
SMB: Dialect String = SMB 2.???
SMB:
On the working member server, the packet capture included a lot of "SMB"
traffic. With the problem server, all the "SMB" packets were empty.
e.g.
SMB: ----- SMB: -----
SMB:
SMB: ""
SMB:
Both machines are configured for a max protocol of SMB2. The problem
machine is also configured for a min protocol of SMB2.
testparm -v
client ipc max protocol = default
client max protocol = SMB2
server max protocol = SMB2
client ipc min protocol = SMB2
client min protocol = SMB2
server min protocol = SMB2
On the PDC, the log file for IP_ADDRESS_OF_PROBLEM_SERVER shows
Non-SMB packet of length 182. Terminating server
On 06/21/17 04:52, Andrew Bartlett wrote:
> On Tue, 2017-06-20 at 17:23 -0400, Gaiseric Vandal via samba wrote:
>> I have several Samba 4.4.x servers (Solaris 11 x86_x64) in a samba
>> classic domain. Samba patches are provided via the Oracle solaris
>> package update system.
>>
>>
>> The two domain controllers are running Samba 4.4.8.
>>
>>
>> A few weeks ago I ran the latest package updates on a non-critical
>> server, which brought it up to 4.4.13. All was OK as far as I could
>> tell. This weekend I updated packages and brought the server up to 4.1.14.
>>
>> This appears to have broken compatibility with the domain.
>>
>> root at memberserver1:~# net rpc testjoin
>> Join to domain 'MYDOMAIN' is not valid:
>> NT_STATUS_CONNECTION_DISCONNECTED
>> root at memberserver1:~#
>>
>>
>> root at memberserver1:~# net rpc join -U Administrator -S PDCServerName
>> Enter Administrator's password:
>> Failed to join domain: failed to lookup DC info for domain
>> 'MYDOMAIN' over rpc: The transport connection is now disconnected.
>> root at memberserver1:~#
>>
>>
>> root at memberserver1:~# net rpc join -U Administrator -S PDCServerIP
>> Enter Administrator's password:
>> Failed to join domain: failed to lookup DC info for domain
>> 'MYDOMAIN' over rpc: The transport connection is now disconnected.
>> root at memberserver1:~#
>>
>>
>>
>>
>> "nslookup PDCServer" and "ping PDCServer" both work fine.
>>
>>
>> I suspect 4.4.14 was not tested in a classic domain and that I may be
>> out of luck.
> I would first suggest running a more recently supported version, but I
> suggest that you read the logs and see where it stops. Turn up the log
> level if need be.
>
> Samba is tested as a classic DC in our autobuild system, so this isn't
> just globally broken for everyone, it will be something OS or site-
> specific.
>
> Sorry,
>
> Andrew Bartlett
More information about the samba
mailing list