Web lists-archives.com

Re: [Samba] samba 4.4.14 breaks classic domain




I increased the logging to 10 on the problem member server. Didn't see anything of interest.

I did a packet capture on the PDC while typing " net rpc testjoin" from both the problem member server (4.4.14) and a working member server (4.4.13)

e.g

       SMB:  ----- SMB Header -----
       SMB:
       SMB:  CLIENT REQUEST
       SMB:  Command code = 0x72
       SMB:  Command name =  SMBnegprot
       SMB:
       SMB:  SMB Status:
       SMB:     - Error class = No error
       SMB:     - Error code = No error
       SMB:
       SMB:  Header:
       SMB:     - Tree ID      (TID) = 0x0000
       SMB:     - Process ID   (PID) = 0xfffe
       SMB:     - User ID      (UID) = 0x0000
       SMB:     - Multiplex ID (MID) = 0x0000
       SMB:     - Flags summary = 0x18
       SMB:     - Flags2 summary = 0xc843
       SMB:
       SMB:  ByteCount = 49
       SMB:  Dialect String = NT LANMAN 1.0
       SMB:  Dialect String = NT LM 0.12
       SMB:  Dialect String = SMB 2.002
       SMB:  Dialect String = SMB 2.???
       SMB:



On the working member server, the packet capture included a lot of "SMB" traffic. With the problem server, all the "SMB" packets were empty.

e.g.

       SMB:  ----- SMB:   -----
       SMB:
       SMB:  ""
       SMB:




Both machines are configured for a max protocol of SMB2. The problem machine is also configured for a min protocol of SMB2.


testparm -v

        client ipc max protocol = default
        client max protocol = SMB2
        server max protocol = SMB2

       client ipc min protocol = SMB2
        client min protocol = SMB2
        server min protocol = SMB2

On the PDC, the log file for IP_ADDRESS_OF_PROBLEM_SERVER shows


        Non-SMB packet of length 182. Terminating server


On 06/21/17 04:52, Andrew Bartlett wrote:
On Tue, 2017-06-20 at 17:23 -0400, Gaiseric Vandal via samba wrote:
I have several Samba 4.4.x servers (Solaris 11 x86_x64) in a samba
classic domain.    Samba patches are provided via the Oracle solaris
package update system.


The two domain controllers are running Samba 4.4.8.


A few weeks ago I ran the latest package  updates on a non-critical
server, which brought it up to 4.4.13.      All was OK as far as I could
tell.  This weekend I updated packages and brought the server up to 4.1.14.

This appears to have broken compatibility with the domain.

     root@memberserver1:~# net rpc testjoin
     Join to domain 'MYDOMAIN' is not valid:
     NT_STATUS_CONNECTION_DISCONNECTED
     root@memberserver1:~#


     root@memberserver1:~# net rpc join -U Administrator -S PDCServerName
     Enter Administrator's password:
     Failed to join domain: failed to lookup DC info for domain
     'MYDOMAIN' over rpc: The transport connection is now disconnected.
     root@memberserver1:~#


     root@memberserver1:~# net rpc join -U Administrator -S PDCServerIP
     Enter Administrator's password:
     Failed to join domain: failed to lookup DC info for domain
     'MYDOMAIN' over rpc: The transport connection is now disconnected.
     root@memberserver1:~#




"nslookup PDCServer" and "ping PDCServer" both work fine.


I suspect 4.4.14 was not tested in a classic domain and that I may be
out of luck.
I would first suggest running a more recently supported version, but I
suggest that you read the logs and see where it stops.  Turn up the log
level if need be.

Samba is tested as a classic DC in our autobuild system, so this isn't
just globally broken for everyone, it will be something OS or site-
specific.

Sorry,

Andrew Bartlett


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba