[Bug 1572301] Re: Regression with 4.3.8 upgrade, Mac OS X machines can't connect

WAB wb221 at exeter.ac.uk
Tue Apr 26 08:59:26 UTC 2016 

Same issue here - connecting with registered user from OSX is fine, but
auth as guest fails.

Samba log (level 3):

[2016/04/26 09:57:38.879538,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.43 (192.168.1.43)
[2016/04/26 09:57:38.879666,  3] ../source3/smbd/oplock.c:1309(init_oplocks)
  init_oplocks: initializing messages.
[2016/04/26 09:57:38.881429,  3] ../source3/smbd/server_exit.c:252(exit_server_common)
  Server exit (failed to receive smb request)
[2016/04/26 09:57:38.888253,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.43 (192.168.1.43)
[2016/04/26 09:57:38.888375,  3] ../source3/smbd/oplock.c:1309(init_oplocks)
  init_oplocks: initializing messages.
[2016/04/26 09:57:38.888470,  3] ../source3/smbd/process.c:1880(process_smb)
  Transaction 0 of length 73 (0 toread)
[2016/04/26 09:57:38.888523,  3] ../source3/smbd/process.c:1490(switch_message)
  switch message SMBnegprot (pid 9589) conn 0x0
[2016/04/26 09:57:38.889573,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [NT LM 0.12]
[2016/04/26 09:57:38.889616,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [SMB 2.002]
[2016/04/26 09:57:38.889646,  3] ../source3/smbd/negprot.c:576(reply_negprot)
  Requested protocol [SMB 2.???]
[2016/04/26 09:57:38.889769,  3] ../source3/smbd/smb2_negprot.c:271(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2016/04/26 09:57:38.891967,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2016/04/26 09:57:38.892011,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2016/04/26 09:57:38.892056,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2016/04/26 09:57:38.892092,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'spnego' registered
[2016/04/26 09:57:38.892118,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'schannel' registered
[2016/04/26 09:57:38.892140,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2016/04/26 09:57:38.892173,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2016/04/26 09:57:38.892201,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2016/04/26 09:57:38.892234,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2016/04/26 09:57:38.892256,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'http_basic' registered
[2016/04/26 09:57:38.892288,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2016/04/26 09:57:38.892311,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'krb5' registered
[2016/04/26 09:57:38.892337,  3] ../auth/gensec/gensec_start.c:907(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2016/04/26 09:57:38.892453,  3] ../source3/smbd/negprot.c:684(reply_negprot)
  Selected protocol SMB 2.???
[2016/04/26 09:57:38.896563,  3] ../source3/smbd/smb2_negprot.c:271(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_02
[2016/04/26 09:57:46.658294,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62880205
[2016/04/26 09:57:46.664793,  3] ../auth/ntlmssp/ntlmssp_server.c:449(ntlmssp_server_preauth)
  Got user=[GUEST] domain=[] workstation=[WILL] len1=24 len2=206
[2016/04/26 09:57:46.664857,  3] ../source3/param/loadparm.c:3740(lp_load_ex)
  lp_load_ex: refreshing parameters
[2016/04/26 09:57:46.664977,  3] ../source3/param/loadparm.c:545(init_globals)
  Initialising global parameters
[2016/04/26 09:57:46.665097,  3] ../source3/param/loadparm.c:2669(lp_do_section)
  Processing section "[global]"
[2016/04/26 09:57:46.665142,  2] ../source3/param/loadparm.c:2686(lp_do_section)
  Processing section "[share]"
[2016/04/26 09:57:46.665261,  3] ../source3/param/loadparm.c:1586(lp_add_ipc)
  adding IPC service
[2016/04/26 09:57:46.665320,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[GUEST]@[WILL] with the new password interface
[2016/04/26 09:57:46.665348,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [GREVILLE]\[GUEST]@[WILL]
[2016/04/26 09:57:46.665425,  3] ../source3/auth/check_samsec.c:400(check_sam_security)
  check_sam_security: Couldn't find user 'GUEST' in passdb.
[2016/04/26 09:57:46.665452,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [GUEST] -> [GUEST] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/04/26 09:57:46.665499,  3] ../source3/auth/auth_util.c:1602(do_map_to_guest_server_info)
  No such user GUEST [] - using guest account
[2016/04/26 09:57:46.665547,  1] ../auth/ntlmssp/ntlmssp_server.c:910(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[GUEST] domain=[] workstation=[WILL]
[2016/04/26 09:57:46.665573,  1] ../lib/util/util.c:559(dump_data)
  [0000] 63 61 36 92 EB AE 6F BB   C8 4C AA BE B5 37 16 1D   ca6...o. .L...7..
[2016/04/26 09:57:46.665623,  1] ../lib/util/util.c:559(dump_data)
  [0000] 65 3D 05 9D 49 44 4D DB   8C 5A 45 89 9E 49 C4 8C   e=..IDM. .ZE..I..
[2016/04/26 09:57:46.665665,  2] ../auth/gensec/spnego.c:708(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_INVALID_PARAMETER

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1572301

Title:
  Regression with 4.3.8 upgrade, Mac OS X machines can't connect

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba package in CentOS:
  Unknown
Status in samba package in Debian:
  New

Bug description:
  With the recent security update to 4.3.8 on Ubuntu 14.04 some Mac OS X
  10.11 were unable to connect to shares.   The shares were still
  accessible fine via Windows 10 machines.

  Samba versions that broke: 2:4.3.8+dfsg-0ubuntu0.14.04.2
  Samba version that works: 2:4.1.6+dfsg-1ubuntu2.14.04.13

  The error message (If you turn up log level to 2) in the /log.IPADDRESSOFMAC:
  [2016/04/19 14:06:15.555081, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) 
  check_ntlm_password: Authentication for user [GUEST] -> [GUEST] FAILED with error NT_STATUS_NO_SUCH_USER 
  [2016/04/19 14:06:15.555119, 1] ../auth/ntlmssp/ntlmssp_server.c:910(ntlmssp_server_postauth) 
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[GUEST] domain=[] workstation=[workstation] 
  [2016/04/19 14:06:15.555134, 1] ../lib/util/util.c:559(dump_data) 
  [0000] hex removed` 
  [2016/04/19 14:06:15.555163, 1] ../lib/util/util.c:559(dump_data) 
  [0000] hex removed
  [2016/04/19 14:06:15.555190, 2] ../auth/gensec/spnego.c:708(gensec_spnego_server_negTokenTarg) 
  SPNEGO login failed: NT_STATUS_INVALID_PARAMETER

  This seems very similar to https://www.mail-archive.com/debian-bugs-
  dist at lists.debian.org/msg1414417.html.

  The Samba config is a very simple one, with all users just connecting as guest.  Some excerpts:
  map to guest = bad user 
  [files]
  	public = yes
  	delete readonly = yes
  	writeable = yes
  	path = /removed/

  Workaround. Reverting packages worked, but is complicated, make
  yourself root- sudo -i (because you can break pam!).

  Download needed packages from:
  https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689
  https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294692

  You likely should have packages libkdc2-heimdal and libhdb9-heimdal in
  /var/cache/apt/archive so install the old version of them.

  (something like)
  wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/libpam-winbind_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/libwbclient0_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/python-samba_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/samba_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/samba-common-bin_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/samba-libs_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/samba-vfs-modules_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/smbclient_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/winbind_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb  https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294692/+files/samba-common_4.1.6+dfsg-1ubuntu2.14.04.13_all.deb https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9294689/+files/samba-dsdb-modules_4.1.6+dfsg-1ubuntu2.14.04.13_amd64.deb

  Then sudo dpkg -i *.deb them.   Then go through and fix any remaining
  missing packages, unconfigured packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1572301/+subscriptions

More information about the foundations-bugs mailing list