samba.20.andwin at spamgourmet.com
2014-Apr-15 18:21 UTC
[Samba] ignoring malformed3 datagram packet
Hi, after quite some testing I do now have my Samba4 setup in production use. The setup mainly consists of an AD-Controller and an AD Member Server which provides file shares to about 20 Windows 7 clients. Everything is working well so far except for two somewhat 'special' clients. For these I observe the following: 1) On the AD Member Server periodically (every hour) appears a message in log.nmbd similar to the following for each of the two clients: [2014/04/15 13:47:46, 0] ../source3/nmbd/nmbd_packets.c:1289(process_dgram) process_dgram: ignoring malformed3 (datasize = 494, len=408, off=100) datagram packet sent to name MYDOM<00> from IP 192.168.0.107 2) On at least one of the clients the file shares from the AD Member Server disconnect from time to time, especially when the client has not been touched for a while. This means that the mounted network drives in the Windows Explorer become a red cross. However, as soon as one clicks on them they are back to normal again. The only difference I can think of for these two clients as opposed to the other clients is that the two problematic clients are connected to the same switch whereas the others are not. Are issues 1) and 2) related? What does message 1) mean and what implications does it have? I would appreciate some guidance on how to troublehoot this, especially problem 2). Best regards Andreas
On Tue, Apr 15, 2014 at 08:21:08PM +0200, samba.20.andwin at spamgourmet.com wrote:> Hi, > after quite some testing I do now have my Samba4 setup in production > use. The setup mainly consists of an AD-Controller and an AD Member > Server which provides file shares to about 20 Windows 7 clients. > Everything is working well so far except for two somewhat 'special' > clients. For these I observe the following: > > 1) On the AD Member Server periodically (every hour) appears a message > in log.nmbd similar to the following for each of the two clients: > > [2014/04/15 13:47:46, 0] ../source3/nmbd/nmbd_packets.c:1289(process_dgram) > process_dgram: ignoring malformed3 (datasize = 494, len=408, > off=100) datagram packet sent to name MYDOM<00> from IP 192.168.0.107This is giving notice that someone sent an invalid, potentially dangerous packet from that IP address. if ((buf2 + len < dgram->data) || (buf2 + len > dgram->data + dgram->datasize)) { DEBUG(0,("process_dgram: ignoring malformed3 (datasize = %d, len=%d, off=%d) datagram \ packet sent to name %s from IP %s\n", This might be an attack, or an error in the client. Investigate... Maybe a virus ? Jeremy.