samba - Jun 2015 - Issues with OS/2 and Samba 4

Hi folks,

I made some tests with OS/2 (really!) and Samba 4 (tested with 4.1.17) 
and found some issues:


1. Domain Logon

When doing a domain logon with "logon" then we get an error message in
the log:

[2015/06/02 12:40:07.291956,  2] 
../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
   unknown netlogon op 0 from 10.144.41.131:138
[2015/06/02 12:40:07.292269,  1] 
../librpc/ndr/ndr.c:296(ndr_print_debug)
        netlogon: struct nbt_netlogon_packet
           command                  : LOGON_REQUEST (0)
           req                      : union nbt_netlogon_request(case 0)
           logon0: struct NETLOGON_LOGON_REQUEST
               computer_name            : 'TS-20107'
               user_name                : 'TS'
               mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
               request_count            : 0x00 (0)
               lmnt_token               : 0x0001 (1)
               lm20_token               : 0xffff (65535)

When looking at the current source the respective LOGON_REQUEST is 
missing from the switch at
   
https://git.samba.org/?p=samba.git;a=blob;f=source4/nbt_server/dgram/netlogon.c;h=0e5294cb94c42c13ef38d70885303998c75a7a39;hb=HEAD#l176

In Samba 3 this branch was still present and domain logon worked.


2. Mounting shares fails

When trying to mount a share from Samba 4 with "net use x: 
\\<server>\<sharename>" there is an
error in the log of the form

[2015/06/02 13:01:29.655435,  2] 
../libcli/auth/ntlm_check.c:437(ntlm_password_check)
   ntlm_password_check: invalid LanMan password length (0) for user TS

First, the variable for length in the sourcecode seems wrong:
   
https://git.samba.org/?p=samba.git;a=blob;f=libcli/auth/ntlm_check.c;h=7f91b52a5fd78982d85a300dc610329a7bd9a801;hb=HEAD#l435

I guess it should read "lm_response->length" in the debug message 
instead of "nt_response->length".

The value of "lm_response->length" is actually 1 in this case.


So here is the question: are these supposed to work or is this 
considered legacy/unsupported/etc.?
Is OS/2 still a supported client in Samba 4?
The respective configuration options for smb.conf like "lanman auth"
are
still present in the code.

If it is supposed to work I would be glad to help debugging these 
issues.


Best regards

   -- Dago

On Tue, Jun 02, 2015 at 02:56:07PM +0200, dam wrote:
> Hi folks,
> 
> I made some tests with OS/2 (really!) and Samba 4 (tested with
> 4.1.17) and found some issues:
> 
> 
> 1. Domain Logon
> 
> When doing a domain logon with "logon" then we get an error
message
> in the log:
> 
> [2015/06/02 12:40:07.291956,  2]
../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
>   unknown netlogon op 0 from 10.144.41.131:138
> [2015/06/02 12:40:07.292269,  1]
> ../librpc/ndr/ndr.c:296(ndr_print_debug)
>        netlogon: struct nbt_netlogon_packet
>           command                  : LOGON_REQUEST (0)
>           req                      : union nbt_netlogon_request(case 0)
>           logon0: struct NETLOGON_LOGON_REQUEST
>               computer_name            : 'TS-20107'
>               user_name                : 'TS'
>               mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
>               request_count            : 0x00 (0)
>               lmnt_token               : 0x0001 (1)
>               lm20_token               : 0xffff (65535)
> 
> When looking at the current source the respective LOGON_REQUEST is
> missing from the switch at
>
https://git.samba.org/?p=samba.git;a=blob;f=source4/nbt_server/dgram/netlogon.c;h=0e5294cb94c42c13ef38d70885303998c75a7a39;hb=HEAD#l176
> 
> In Samba 3 this branch was still present and domain logon worked.
> 
> 
> 2. Mounting shares fails
> 
> When trying to mount a share from Samba 4 with "net use x:
> \\<server>\<sharename>" there is an
> error in the log of the form
> 
> [2015/06/02 13:01:29.655435,  2]
> ../libcli/auth/ntlm_check.c:437(ntlm_password_check)
>   ntlm_password_check: invalid LanMan password length (0) for user TS
> 
> First, the variable for length in the sourcecode seems wrong:
>
https://git.samba.org/?p=samba.git;a=blob;f=libcli/auth/ntlm_check.c;h=7f91b52a5fd78982d85a300dc610329a7bd9a801;hb=HEAD#l435
> 
> I guess it should read "lm_response->length" in the debug
message
> instead of "nt_response->length".
> 
> The value of "lm_response->length" is actually 1 in this case.
> 
> 
> So here is the question: are these supposed to work or is this
> considered legacy/unsupported/etc.?
> Is OS/2 still a supported client in Samba 4?
> The respective configuration options for smb.conf like "lanman
auth"
> are still present in the code.
> 
> If it is supposed to work I would be glad to help debugging these
> issues.
Thanks a lot for checking these things ! No one on the Team
runs OS/2 so it isn't easy to test we still work with it,
although we should.

Can you log bugs for these issues and we will work through
them with you if you're willing to do the testing work ?

Thanks,

Jeremy.

Hi Jeremy,

Am 02.06.2015 um 17:10 schrieb Jeremy Allison <jra at
samba.org>:
> Thanks a lot for checking these things ! No one on the Team
> runs OS/2 so it isn't easy to test we still work with it,
> although we should.
> 
> Can you log bugs for these issues and we will work through
> them with you if you're willing to do the testing work ?
Sure, I will comment inline on the issues with enhanced information.
Just let me know if you need more details.
> On Tue, Jun 02, 2015 at 02:56:07PM +0200, dam wrote:
>> I made some tests with OS/2 (really!) and Samba 4 (tested with
>> 4.1.17) and found some issues:
>> 
>> 1. Domain Logon
>> 
>> When doing a domain logon with "logon" then we get an error
message
>> in the log:
>> 
>> [2015/06/02 12:40:07.291956,  2]
../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
>> unknown netlogon op 0 from 10.144.41.131:138
>> [2015/06/02 12:40:07.292269,  1]
>> ../librpc/ndr/ndr.c:296(ndr_print_debug)
>>     netlogon: struct nbt_netlogon_packet
>>        command                  : LOGON_REQUEST (0)
>>        req                      : union nbt_netlogon_request(case 0)
>>        logon0: struct NETLOGON_LOGON_REQUEST
>>            computer_name            : 'TS-20107'
>>            user_name                : 'TS'
>>            mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
>>            request_count            : 0x00 (0)
>>            lmnt_token               : 0x0001 (1)
>>            lm20_token               : 0xffff (65535)
Our smb.conf looks like this:
> # Global parameters
> [global]
> workgroup = GEBECODOM
> realm = GEBECODOM.GEBECO.DE
> netbios name = SAMBA
> server role = active directory domain controller
> dns forwarder = 10.144.42.2
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
ntp_signd, kcc, dnsupdate, dns, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon,
lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey,
dnsserver, winreg, srvsvc
> idmap_ldb:use rfc2307 = yes
> interfaces = ipmi0:2 lo0:2
> interfaces = 10.144.42.16/22 127.0.0.1/32
> bind interfaces only = yes
> 
> log file = /var/adm/samba.log
> max log size = 10000
> log level =  99 dns:1
> debug timestamp = yes
> 
> lanman auth = Yes
> lm announce = Yes
> lm interval = 30
> 
> client lanman auth = yes
> 
> 
> [netlogon]
> path = /var/opt/csw/samba/locks/sysvol/gebecodom.gebeco.de/scripts
> read only = No
> 
> [sysvol]
> path = /var/opt/csw/samba/locks/sysvol
> read only = No
> 
> [demo]
> path = /export/home/demo
> read only = no
On OS/2 the following commands are issued:
> logon /V:D
>> ts / pwd / GEBECODOM
> ...wait
> "domain controller could not be found"
Samba is logging the following error messages:
> samba log (loglevel = 99 dns:1 )
> SAMBA-Server IP : 10.144.42.16
> OS2 CLIENT IP   : 10.144.41.131
> 
> [2015/06/08 12:03:04.476133,  5, pid=5874, effective(0, 0), real(0, 0)]
../source4/libcli/dgram/dgramsocket.c:65(dgm_socket_recv)
> Received dgram packet of length 218 from 10.144.40.20:138
> [2015/06/08 12:03:04.476347,  5, pid=5874, effective(0, 0), real(0, 0)]
../source4/nbt_server/dgram/netlogon.c:172(nbtd_mailslot_netlogon_handler)
> netlogon request to GEBECODOM<00> from 10.144.40.20:138
> [2015/06/08 12:03:04.476402,  2, pid=5874, effective(0, 0), real(0, 0)]
../source4/nbt_server/dgram/netlogon.c:187(nbtd_mailslot_netlogon_handler)
> unknown netlogon op 0 from 10.144.40.20:138
> [2015/06/08 12:03:04.476439,  1, pid=5874, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:296(ndr_print_debug)
>      netlogon: struct nbt_netlogon_packet
>         command                  : LOGON_REQUEST (0)
>         req                      : union nbt_netlogon_request(case 0)
>         logon0: struct NETLOGON_LOGON_REQUEST
>             computer_name            : 'NOTFALL2'
>             user_name                : 'TS'
>             mailslot_name            : '\MAILSLOT\TEMP\NETLOGON'
>             request_count            : 0x00 (0)
>             lmnt_token               : 0x0001 (1)
>             lm20_token               : 0xffff (65535)
> [2015/06/08 12:03:04.476628,  5, pid=5874, effective(0, 0), real(0, 0)]
../source4/libcli/dgram/dgramsocket.c:65(dgm_socket_recv)
> Received dgram packet of length 202 from 10.144.42.172:138
The network snoop for the domain logon looks like this:

-------------- next part --------------


>> When looking at the current source the respective LOGON_REQUEST is
>> missing from the switch at
>>
https://git.samba.org/?p=samba.git;a=blob;f=source4/nbt_server/dgram/netlogon.c;h=0e5294cb94c42c13ef38d70885303998c75a7a39;hb=HEAD#l176
>> 
>> In Samba 3 this branch was still present and domain logon worked.


Best regards

? Dago


-- 
"You don't become great by trying to be great, you become great by
wanting to do something,
and then doing it so hard that you become great in the process." - xkcd
#896