[Pkg-samba-maint] Bug#561716: samba: security=domain broken, server get's empty user name

Juergen Pfennig info at j-pfennig.de
Sat Dec 19 20:11:44 UTC 2009 

Package: samba
Version: 2:3.4.2-1~bpo50+3
Severity: normal


Sorry for the 'bpo' versioni (and for not sending any level 10 logs)
 ...

My member servers stopped authenticating against the primary server.
Forcing the members to use security=user would still work but would
cause other problems.

On the server side the log contains some spurious information:

[2009/12/19 20:54:56,  3] smbd/sesssetup.c:1607(reply_sesssetup_and_X)
  Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2009/12/19 20:54:56,  3] smbd/sesssetup.c:1623(reply_sesssetup_and_X)
  sesssetupX:name=[]\[]@[10.21.2.7]
[2009/12/19 20:54:56,  3] smbd/sesssetup.c:151(check_guest_password)
  Got anonymous request
[2009/12/19 20:54:56,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[]
with the new password interface
[2009/12/19 20:54:56,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: []\[]@[]
[2009/12/19 20:54:56,  3] lib/smbldap.c:660(smb_ldap_start_tls)
...

As can be seen the server gets an empty user name and denies the
authentication.

When trying 'smbclient -U xxxx -L \\\\member-server' the authentication
works (like with security=user).

-- System Information:
Debian Release: 5.0.3
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-8-a64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages samba depends on:
ii  adduser         3.110                    add and remove users and groups
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  libacl1         2.2.47-2                 Access control list shared library
ii  libattr1        1:2.4.43-2               Extended attribute shared library
ii  libc6           2.7-18lenny1             GNU C Library: Shared libraries
ii  libcap2         2.11-2                   support for getting/setting POSIX.
ii  libcomerr2      1.41.3-1                 common error description library
ii  libcups2        1.3.8-1+lenny7           Common UNIX Printing System(tm) - 
ii  libgnutls26     2.4.2-6+lenny2           the GNU TLS library - runtime libr
ii  libkrb53        1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  libldap-2.4-2   2.4.11-1+lenny1          OpenLDAP libraries
ii  libpam-modules  1.0.1-5+lenny1           Pluggable Authentication Modules f
ii  libpam-runtime  1.0.1-5+lenny1           Runtime support for the PAM librar
ii  libpam0g        1.0.1-5+lenny1           Pluggable Authentication Modules l
ii  libpopt0        1.14-4                   lib for parsing cmdline parameters
ii  libwbclient0    2:3.4.2-1~bpo50+3        Samba winbind client library
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init scrip
ii  procps          1:3.2.7-11               /proc file system utilities
ii  samba-common    2:3.4.2-1~bpo50+3        common files used by both the Samb
ii  update-inetd    4.31                     inetd configuration file updater
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

Versions of packages samba recommends:
ii  logrotate                     3.7.1-5    Log rotation utility

Versions of packages samba suggests:
pn  ctdb                        <none>       (no description available)
pn  ldb-tools                   <none>       (no description available)
ii  openbsd-inetd [inet-superse 0.20080125-2 The OpenBSD Internet Superserver
pn  smbldap-tools               <none>       (no description available)

-- debconf information:
* samba/run_mode: daemons
  samba/generate_smbpasswd:

More information about the Pkg-samba-maint mailing list