Bug 1495448

Summary: Win7 fails to connect Rhel6.4 (security=user). log shows 'Locking key/Unlocking key'
Product: Red Hat Enterprise Linux 6 Reporter: amitkuma
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED DUPLICATE QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4CC: amitkuma, asn, gdeschner, jarrpa
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-15 12:55:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description amitkuma 2017-09-26 05:16:49 UTC 
Description of problem:
  RHEL-6.4                            Win7-client
[global]                                 |
    workgroup = WORKGROUP                |
    security = user                      |
    map to guest = Bad User              |
    passdb backend = tdbsam              |
[myshare]                                |
    path = /share                        |
    browsable = yes                      |
    guest ok = yes                       |
    read only = no                       |
    create mask = 0755                   |
         <-----access share------------- |
				You might not have permissions to use this network resource. 
				Contact administrator of server for finding you have access permissions.
                                An unexpected network error occurred.
Locking key FB740000FFFFFFFF
Allocated locked data 0x0x7f7cf12ceed0
Unlocking key FB740000FFFFFFFF

/var/log/messages
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]: [2017/08/28 04:39:47.088786,  0] rpc_server/srv_pipe.c:1418(api_pipe_bind_auth3)
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]:   Auth failed (NT_STATUS_NO_SUCH_USER)
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]: [2017/08/28 04:39:47.104014,  0] rpc_server/srv_pipe.c:1418(api_pipe_bind_auth3)
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]:   Auth failed (NT_STATUS_NO_SUCH_USER)
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]: [2017/08/28 04:39:47.126223,  0] rpc_server/srv_pipe.c:1418(api_pipe_bind_auth3)
Aug 28 04:39:47 prodlnxfilesrv smbd[2050]:   Auth failed (NT_STATUS_NO_SUCH_USER)

From Packet Captures:
160.88.2.42	  160.89.2.28	
Win-7-client	  RHEL-6.4-server
     --NegoProReq->
     <-NegoProRes(NTLM .12)-
     --SesSetUpReq(NEGO)->
     <-SesSetUpRes(REQ)-
     --SesSetUpReq(AUTH)->
     <--SesSetUpReq(RES)-
     <--TCP-Retransmission-   <<<<<<
          -TCP-ACK-->   
      --SesSetUpReq(NEGO)->


Version-Release number of selected component (if applicable):
samba-3.6.23-43.el6_9.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up passwordless share on RHEL6.4
2. Access from Win7 client
3. Shares cannot be accessed you get these logs.
Locking key FB740000FFFFFFFF
Allocated locked data 0x0x7f7cf12ceed0
Unlocking key FB740000FFFFFFFF


Actual results:
Shares are not accessible

Expected results:
Shares should be accessible

Additional info:
Exact same configuration is working on RHEL-7.2
Comment 3 Andreas Schneider 2017-11-07 09:34:14 UTC 
Hmm,

looking at the samba-non-working.tat.bz2 logs it looks like the client resets the connection:

[2017/08/29 15:08:57.263165,  3] auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user 'D289397' in passdb.
[2017/08/29 15:08:57.263192,  5] auth/auth.c:281(check_ntlm_password)
  check_ntlm_password: sam authentication for user [D289397] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/08/29 15:08:57.263219,  2] auth/auth.c:330(check_ntlm_password)
  check_ntlm_password:  Authentication for user [D289397] -> [D289397] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/08/29 15:08:57.263248,  3] smbd/sesssetup.c:63(do_map_to_guest)
  No such user D289397 [DEV] - using guest account

As you can see it doesn't know the user and maps it to the guest account! A few lines later:

[2017/08/29 15:08:57.263847, 10] ../lib/util/util.c:415(dump_data)
  [0000] A1 07 30 05 A0 03 0A 01   00 55 00 6E 00 69 00 78   ..0..... .U.n.i.x
  [0010] 00 00 00 53 00 61 00 6D   00 62 00 61 00 20 00 33   ...S.a.m .b.a. .3
  [0020] 00 2E 00 36 00 2E 00 32   00 33 00 2D 00 34 00 33   ...6...2 .3.-.4.3
  [0030] 00 2E 00 65 00 6C 00 36   00 5F 00 39 00 00 00 4D   ...e.l.6 ._.9...M
  [0040] 00 59 00 47 00 52 00 4F   00 55 00 50 00 00 00     .Y.G.R.O .U.P...
[2017/08/29 15:09:12.918137,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 160.88.2.42 read error = NT_STATUS_CONNECTION_RESET.

Samba tries to send its version information but the connection has been already reset by the client!
Comment 4 Andreas Schneider 2017-11-13 11:26:05 UTC 
This doesn't really look like a Samba issue if the connection is being reset.
Comment 5 Andreas Schneider 2017-11-13 13:44:46 UTC 
I think this is the same as bug #1413484

I guess Win7 requires signing ...
Comment 6 Andreas Schneider 2017-11-15 12:55:14 UTC 

*** This bug has been marked as a duplicate of bug 1413484 ***
Comment 7 amitkuma 2019-10-28 11:31:59 UTC 
Clearing NEEDINFO since this is closed as Duplicate