|Summary:||Authentication fails when netbios/hostname is longer than MAX_NETBIOSNAME_LEN-1|
|Product:||[Fedora] Fedora||Reporter:||Harald Reindl <h.reindl>|
|Component:||samba||Assignee:||Guenther Deschner <gdeschner>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||20||CC:||abokovoy, asn, gdeschner, jlayton, madam, martin, sbose, ssorce|
|Fixed In Version:||samba-4.1.15-1.fc20||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2015-01-17 23:56:12 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Harald Reindl 2014-12-18 12:48:44 UTC
i have here 6 machines with nearly identical configurations - one is in fact a 2 years ago disc clone and only on one machine after update to 4.1.14 login fails * downgrade * login works again * update * login for every user broken * downgrade * works again reproduced 5 times check_ntlm_password: Authentication for user [reindl] -> [reindl] FAILED with error NT_STATUS_NO_SUCH_USER [2014/12/18 13:22:25.630123, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) ____________________________________ BTW: while update this crash happens every time Dec 18 13:33:11 south smbd: /usr/sbin/smbd: /usr/lib64/samba/libwinbind-client.so: version `SAMBA_4.1.12' not found (required by /lib64/libwbclient.so.0) Dec 18 13:33:11 south systemd: smb.service: control process exited, code=exited status=1 Dec 18 13:33:11 south systemd: Failed to start Samba SMB Daemon. ____________________________________ [global] server string = fileserver netbios name = fileserver hosts allow = 192.168.1.0/24 127.0.0.1 hosts deny = all veto files = /.DS_Store/._*/.AppleDB/.AppleDesktop/.AppleDouble/.Parent/.TemporaryItems/Temporary Items/Network Trash Folder/.bin/.FBCIndex/.FBCLockFolder/TheFindByContentFolder/ delete veto files = yes workgroup = LOUNGE lm announce = no lanman auth = no ntlm auth = no client lanman auth = no client ntlmv2 auth = yes multicast dns register = no max protocol = SMB3 client signing = disabled store dos attributes = no log file = /var/log/samba/samba.log log level = 1 all:1 auth:2 passdb:2 tdb:2 vfs:1 smb:1 locking:0 sam:0 winbind:0 idmap:0 quota:0 acls:0 msdfs:0 dmapi:0 registry:0 printdrivers:0 lanman:0 rpc_parse:0 rpc_srv:0 rpc_cli:0 max log size = 4048 os level = 0 domain master = no preferred master = no local master = no disable netbios = yes wins support = no browse list = no dns proxy = no name resolve order = lmhosts hosts bcast nmbd bind explicit broadcast = no remote announce = 192.168.1.255 syslog = 0 syslog only = no smb ports = 445 139 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE max smbd processes = 50 max xmit = 32768 read raw = no write raw = no getwd cache = yes stat cache = yes max stat cache size = 512 use sendfile = yes restrict anonymous = 1 security = user invalid users = nobody root admin administrator guest gast pcguest anonymous access based share enum = yes ldap ssl = no server signing = Auto time server = no unix extensions = no show add printer wizard = no load printers = no printable = no printing = bsd printcap name = /dev/null hide unreadable = yes [homes] comment = Private Data writable = yes browseable = no valid users = %S nt acl support = no locking = yes oplocks = no level2 oplocks = no use sendfile = yes inherit permissions = yes vfs objects = netatalk follow symlinks = no wide links = no hide special files = yes strict allocate = yes strict sync = no
Comment 1 Harald Reindl 2014-12-18 12:51:04 UTC
P.S: yes i know that i gave karma after upgraded the first machines without any troubles except two remote servers while the last one failed
Comment 2 Guenther Deschner 2014-12-18 12:57:20 UTC
Have you upgraded libwbclient as well ?
Comment 3 Harald Reindl 2014-12-18 12:59:33 UTC
surely Dec 18 10:32:48 Installed: 2:libwbclient-4.1.14-1.fc20.x86_64 Dec 18 10:32:49 Installed: 2:samba-libs-4.1.14-1.fc20.x86_64 Dec 18 10:32:49 Installed: 2:samba-common-4.1.14-1.fc20.x86_64 Dec 18 10:32:49 Installed: 2:libsmbclient-4.1.14-1.fc20.x86_64 Dec 18 10:32:49 Installed: 2:samba-client-4.1.14-1.fc20.x86_64 Dec 18 10:32:50 Installed: 2:samba-4.1.14-1.fc20.x86_64 Dec 18 13:31:52 Installed: 2:libwbclient-4.1.12-5.fc20.x86_64 Dec 18 13:31:53 Installed: 2:samba-libs-4.1.12-5.fc20.x86_64 Dec 18 13:31:54 Installed: 2:samba-common-4.1.12-5.fc20.x86_64 Dec 18 13:31:54 Installed: 2:libsmbclient-4.1.12-5.fc20.x86_64 Dec 18 13:31:54 Installed: 2:samba-client-4.1.12-5.fc20.x86_64 Dec 18 13:31:54 Installed: 2:samba-4.1.12-5.fc20.x86_64 Dec 18 13:33:09 Updated: 2:libwbclient-4.1.14-1.fc20.x86_64 Dec 18 13:33:11 Updated: 2:samba-libs-4.1.14-1.fc20.x86_64 Dec 18 13:33:11 Updated: 2:samba-common-4.1.14-1.fc20.x86_64 Dec 18 13:33:11 Updated: 2:libsmbclient-4.1.14-1.fc20.x86_64 Dec 18 13:33:11 Updated: 2:samba-client-4.1.14-1.fc20.x86_64 Dec 18 13:33:11 Updated: 2:samba-4.1.14-1.fc20.x86_64 Dec 18 13:34:04 Installed: 2:libwbclient-4.1.12-5.fc20.x86_64 Dec 18 13:34:05 Installed: 2:samba-libs-4.1.12-5.fc20.x86_64 Dec 18 13:34:06 Installed: 2:samba-common-4.1.12-5.fc20.x86_64 Dec 18 13:34:06 Installed: 2:libsmbclient-4.1.12-5.fc20.x86_64 Dec 18 13:34:06 Installed: 2:samba-client-4.1.12-5.fc20.x86_64 Dec 18 13:34:06 Installed: 2:samba-4.1.12-5.fc20.x86_64
Comment 4 Michael Adam 2014-12-18 15:41:46 UTC
Is an old smbd still running by chance? i.e. unless you are not already doing so: could you make sure the upgrade process incorporates the following steps: - stop the samba services - make sure no smbd / winbindd / nmbd process is running - upgrade the packages to 4.1.14 - check symbol versions with "nm /lib64/libwbclient.so.0" and look out for occurrences of 4.1.12 - start samba - try login If the same happens as above, or if the nm check shows 4.1.12 then we have a problem with the binaries/libraries in the pkg. But since the upgrade works nicely on other servers, I rather think there is a more likely a problem with the starting/stopping the daemons during upgrade. Michael
Comment 5 Harald Reindl 2014-12-18 15:58:10 UTC
nm: /lib64/libwbclient.so.0: no symbols i completly stopped samba multiple times and restarted it at least 30 times by trying to play around with smb.conf (use one from other working machines) and raise/lower logging on the affected machine, deleted *anything* below /var/lib/samba/ and added a new user after that with "smbpasswd" after 3 hours i gave up, downgraded and all worked with the new password-database as well as with the backups containing the existing users and after another update it pretended again "NT_STATUS_NO_SUCH_USER" which is a different message than "NT_STATUS_WRONG_PASSWORD" i really have no clue what's going on there nor how it is possible that this affects only one machine but in fact "samba-4.1.12-5.fc20.x86_64" don't have that issue
Comment 6 Sumit Bose 2014-12-18 16:31:16 UTC
Please try objdump -T /lib64/libwbclient.so.0 | grep SAMBA instead of nm. For me it looks that the update did not remove the old version of the library. Pleae note that in 4.1.14 /lib/libwbclient.* is manages by the alternatives tool which afaik does not remove existing files. After the update /lib64/libwbclient.so.0.11 should be a link to /etc/alternatives/... If it is a file it is most probably the old version and yum/rpm was not able to remove it.
Comment 7 Harald Reindl 2014-12-18 16:56:49 UTC
* it is a symlink * i removed the phyiscal file before update again * Dec 18 17:51:35 south smbd: /usr/sbin/smbd: error while loading shared libraries: libwbclient.so.0: cannot open shared object file: No such file or directory * so the upgrade path is borked because smbd restarts in the middle fof the yum transaction * FRANKLY THAT is why i hate this damned automatic restarts because i am the once who decides when to restart services in case of deploy updates to 30 machines * i really don't get why we start with alternatives crap in case of libraries in any case - on that machine 4.1.4 don't work NT_STATUS_NO_SUCH_USER downgraded again before users kill me and all is fine _____________________________________________ that crash happens exatly *once* due upgrade Dec 18 17:47:56 localhost smbd: /usr/sbin/smbd: error while loading shared libraries: libwbclient.so.0: cannot open shared object file: No such file or directory Dec 18 17:47:56 localhost systemd: smb.service: control process exited, code=exited status=127 Dec 18 17:47:56 localhost systemd: Failed to start Samba SMB Daemon. 0000000000000000 DF *UND* 0000000000000000 SAMBA_4.1.14 winbindd_free_response 0000000000000000 DF *UND* 0000000000000000 SAMBA_4.1.14 winbindd_request_response 0000000000000000 DF *UND* 0000000000000000 SAMBA_4.1.14 winbindd_priv_request_response
Comment 8 Martin Smith 2015-01-09 10:27:17 UTC
I seem to have this problem as well. I also have several machines and only one is affected. The problem started as soon as the 4.1.14 update was installed. An active connection from a Windows machine stopped working and I could not authenticate it again. They all have fairly basic SMB configurations - standalone servers with a small number of shares and users. The machines that work are older installs and are still using an smbpasswd file. The affected machine will not accept logins. I get NT_STATUS_NO_SUCH_USER. The user is in the tdbsam database and prior to the update everything was working. The library file mentioned above is a symlink. I have verified the samba RPMS and they are ok. I have spent several hours troubleshooting and have not identified the problem. Local connection fails: smbclient //localhost/video -U martin Enter martin's password: ********* session setup failed: NT_STATUS_LOGON_FAILURE Samba log snippet: [2015/01/09 10:19:44.982150, 3] ../source3/auth/auth.c:177(auth_check_ntlm_password) check_ntlm_password: Checking password for unmapped user [MYGROUP]\[martin]@[ANALYTICAL-ENGINE] with the new password interface [2015/01/09 10:19:44.982187, 3] ../source3/auth/auth.c:180(auth_check_ntlm_password) check_ntlm_password: mapped user is: [ANALYTICAL-ENGINE]\[martin]@[ANALYTICAL-ENGINE] [2015/01/09 10:19:44.982221, 2] ../source3/auth/auth.c:288(auth_check_ntlm_password) check_ntlm_password: Authentication for user [martin] -> [martin] FAILED with error NT_STATUS_NO_SUCH_USER [2015/01/09 10:19:44.982266, 2] ../auth/gensec/spnego.c:743(gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER pdbedit output: Module 'tdbsam' loaded Unix username: martin NT username: Account Flags: [U ] User SID: S-1-5-21-807222276-2518046738-2387355048-1005 Primary Group SID: S-1-5-21-807222276-2518046738-2387355048-513 Full Name: Martin Home Directory: \\analytical-engine\martin HomeDir Drive: Logon Script: Profile Path: \\analytical-engine\martin\profile Domain: Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 15:06:39 GMT Kickoff time: Wed, 06 Feb 2036 15:06:39 GMT Password last set: Fri, 09 Jan 2015 09:27:22 GMT Password can change: Fri, 09 Jan 2015 09:27:22 GMT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF # ls -l /lib64/libwbclient.so.0.11 lrwxrwxrwx. 1 root root 40 Jan 8 11:33 /lib64/libwbclient.so.0.11 -> /etc/alternatives/libwbclient.so.0.11-64 # rpm --verify samba samba-common samba-libs libwbclient S.5....T. c /etc/samba/smb.conf
Comment 9 Martin Smith 2015-01-09 12:34:18 UTC
I think the answer is here: https://bbs.archlinux.org/viewtopic.php?id=190592 4.1.14 appears to have changed the way long server names are handled. Previously they were not truncated, now they are. This causes a check for local name to fail. It's visible with auth logging set to 10. I have manually set a short netbios name in the config and the shares are now accessible.
Comment 10 Harald Reindl 2015-01-09 13:12:27 UTC
indeed - the servername in smb.conf had 16 chars, changed to one with 5 chars and login works also with 4.1.14 - Aaaaaargh
Comment 11 Andreas Schneider 2015-01-12 17:15:01 UTC
I've proposed a patch to fix this issue upstream.
Comment 12 Fedora Update System 2015-01-14 07:51:05 UTC
samba-4.1.15-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/samba-4.1.15-1.fc20
Comment 13 Fedora Update System 2015-01-14 07:52:33 UTC
samba-4.1.15-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/samba-4.1.15-1.fc21
Comment 14 Fedora Update System 2015-01-14 23:55:47 UTC
Package samba-4.1.15-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing samba-4.1.15-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-0701/samba-4.1.15-1.fc20 then log in and leave karma (feedback).
Comment 15 Fedora Update System 2015-01-17 23:56:12 UTC
samba-4.1.15-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2015-01-26 02:30:36 UTC
samba-4.1.15-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.