Re: [Samba] NET_SAMLOGON issue

2003-10-17 Thread Andrew Bartlett
On Fri, 2003-10-17 at 03:08, Fabien Chevalier wrote:
> Hi all,
> 
> I'm having a little trouble with my Samba setup. :-(
> I hope some SMB protocol guru will be able to say to me what's going wrong!
> I must apologize as it's a bit long and heavy in your mailbox, but this is not a
> trivial issue and I think it requires some explanations to be fully understood.

We like e-mails like this.   

To everybody else on the list:  Try to do as good a job as this when
preparing your questions!

> So let's go!
> 
> Here is my setup:
>  - I use Samba 3.0.1-pre1 as PDC. Domain is called DC-SORRAL.
>  - Domain members are Win2K server and WinXP.
>  - SAM backend is ldapsam_compat.
>  - I can log on as a domain user in both Win2K and WinXP==->Roaming users work Ok.
> Note: smb.conf is given as attachment
> 
> So I would say a 'common LDAP Samba 3 setup' is up and running.
> But now I need to go a bit further.
> I'm trying to have a third party Windows software (called HummingBird DM - that's
> a proprietary electronic document management System) to authenticate its users
> using the Samba PDC.
> It's supposed to run with Windows NT4 SP4 or later as domain controller, so... I
> suppose it should run with Samba 3.
> (Tell me if I'm wrong :-)).

It very much depends what parts of Samba 3.0 it's using.  In this case,
you hit something that doesn't work, but can easily be made to work.

> HummingBird DM uses a domain account which is in our case 'zzAdmin' with
> password '55nm08dk55nm08dk'.
> 
> I can log on zzAdmin without issue, but when I tell HummingBird's wizard to use the
> account 'zzAdmin' the wizard fails and sends back to me a wrong user name / wrong
> password error.
> So I turn debugging level to 255, defined DEBUG_PASSWORD in auth_sam.c and recompile
> the whole, and restart Samba.
> 
> Then I begin to analyse the log file:
> (note: full log file is gzipped as attachment - chosen parts are given below, as the
> whole is ~6000 lines long)

The full log didn't make it.  Can you send it to me personally?

> --SNIP--
> [2003/10/14 16:40:37, 5] rpc_server/srv_pipe.c:api_pipe_request(1454)
>   Requested \PIPE\NETLOGON
> [2003/10/14 16:40:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488)
>   api_rpcTNP: NETLOGON op 0x2 - created /tmp/in_NETLOGON_2.10.prs
> [2003/10/14 16:40:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495)
>   api_rpcTNP: rpc command: NET_SAMLOGON
> --SNIP--
> 
> It seems Hummingbird wants to authenticate itself...good news!!
> 
> --SNIP--

> [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960)
>   0128 buffer : 5.5.n.m.0.8.d.k.5.5.n.m.0.8.d.k.

And here is your password.

> --SNIP--
> 
> HummingBird sends us zzAdmin...seems clever :-)
> HummingBird sends us a clear text password...quite strange as the debugging
> string 'nt_chal_resp' would make us think it is rather an NTLM challenge response.

Yes, we would normally expect a challenge-response in that field.

> --SNIP--
> 
> So this is what I thought of.
> Samba treats the cleartext string as an NTLMv2 challenge response...which makes
> HummingBird fail to authenticate.
> 
> It took me a few days to find the issue, and to review the 6000+ lines of log,
> as I was a complete newbie with the SMB protocol.

Given that, you have done very well.

> So I would like now if possible the opinion of more knowledgeable people about NT
> internals... as I cannot pursue my analysis any further without external help (I did
> not find any useful information on NT RPCS).
> 
> What i would like to know is:
>   - if my analysis is right

It seems so.

>   - if it is a bug in HummingBird DM auth mechanism

No, they just call standard MS functions.  IMAP on exchange is rumoured
to do the same.

>   - if it is a bad assumption in Samba (Is SAM_NETLOGON RPC always using NTLMv2?)

Samba has never seen this before.

>   - if it is an unimplemented dark NT feature in Samba ;-)
> 
> ...and of course if it is fixable.

Given we have the plain-text password, it's quite easy to fix.

Can I have that full log, and an ethereal trace if possible, by private
mail?

An idea for a patch is attached.  I have not tested it - it's just so
you know what I'm looking at.  Bonus points if it actually works :-)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
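
An added example, not code from this thread or from Samba: a shape check for the two NET_SAMLOGON response fields, run over the hex rows and the lm_chal_resp buffer quoted in the original message, that flags a field carrying readable text where a challenge-response is expected. The function names, the labels and the ASCII-only plaintext heuristic are assumptions of this sketch.

```python
import re

# Hex rows of "Password from client was" as quoted in this thread's log excerpt;
# LM_FIELD is the lm_chal_resp buffer from the same excerpt.
NT_DUMP = """\
  [000] 35 00 35 00 6E 00 6D 00  30 00 38 00 64 00 6B 00  5.5.n.m. 0.8.d.k.
  [010] 35 00 35 00 6E 00 6D 00  30 00 38 00 64 00 6B 00  5.5.n.m. 0.8.d.k.
"""
LM_FIELD = b"55NM08DK55NM08"

ROW = re.compile(r"^\s*\[[0-9A-Fa-f]{3}\]((?:\s+[0-9A-Fa-f]{2}(?!\S)){1,16})")

def parse_dump(text, length):
    """Rebuild raw bytes from dump_data() rows, cut to the logged str_str_len."""
    out = bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            out += bytes.fromhex("".join(m.group(1).split()))
    return bytes(out[:length])

def classify(field):
    """Label a response field by shape (ASCII-only heuristic, an assumption)."""
    printable = lambda b: 0x20 <= b < 0x7F
    if field and len(field) % 2 == 0 and all(
            printable(field[i]) and field[i + 1] == 0
            for i in range(0, len(field), 2)):
        return "plaintext-utf16le"
    if field and all(printable(b) for b in field):
        return "plaintext-ascii"
    if len(field) == 24:
        return "challenge-response-24"   # LM, NTLM and LMv2 responses are 24 bytes
    if len(field) > 24:
        return "ntlmv2-candidate"        # 16-byte HMAC plus variable client blob
    return "unknown"

def audit(nt, lm):
    """Report field shapes without echoing the secret itself."""
    nt_kind, lm_kind = classify(nt), classify(lm)
    text = nt.decode("utf-16-le") if nt_kind == "plaintext-utf16le" else ""
    # In the excerpt, the LM field is the upper-cased password cut to 14 characters.
    lm_matches = lm_kind == "plaintext-ascii" and text.upper()[:14].encode() == lm
    return {"nt": nt_kind, "lm": lm_kind, "lm_matches_nt": lm_matches,
            "chars": len(text)}

if __name__ == "__main__":
    print(audit(parse_dump(NT_DUMP, 0x20), LM_FIELD))
```

The report carries only the field shapes and the character count, so it can be stored or forwarded without repeating the password that a level-100 DEBUG_PASSWORD log already exposes.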



[Samba] NET_SAMLOGON issue

2003-10-16 Thread Fabien Chevalier

Hi all,

I'm having a little trouble with my Samba setup. :-(
I hope some SMB protocol guru will be able to say to me what's going wrong!
I must apologize as it's a bit long and heavy in your mailbox, but this is not a
trivial issue and I think it requires some explanations to be fully understood.

So let's go!

Here is my setup:
 - I use Samba 3.0.1-pre1 as PDC. Domain is called DC-SORRAL.
 - Domain members are Win2K server and WinXP.
 - SAM backend is ldapsam_compat.
 - I can log on as a domain user in both Win2K and WinXP==->Roaming users work Ok.
Note: smb.conf is given as attachment

So I would say a 'common LDAP Samba 3 setup' is up and running.
But now I need to go a bit further.
I'm trying to have a third party Windows software (called HummingBird DM - that's
a proprietary electronic document management System) to authenticate its users using
the Samba PDC.
It's supposed to run with Windows NT4 SP4 or later as domain controller, so... I
suppose it should run with Samba 3.
(Tell me if I'm wrong :-)).

HummingBird DM uses a domain account which is in our case 'zzAdmin' with
password '55nm08dk55nm08dk'.

I can log on zzAdmin without issue, but when I tell HummingBird's wizard to use the
account 'zzAdmin' the wizard fails and sends back to me a wrong user name / wrong
password error.
So I turn debugging level to 255, defined DEBUG_PASSWORD in auth_sam.c and recompile
the whole, and restart Samba.

Then I begin to analyse the log file:
(note: full log file is gzipped as attachment - chosen parts are given below, as the
whole is ~6000 lines long)

--SNIP--
[2003/10/14 16:40:37, 5] rpc_server/srv_pipe.c:api_pipe_request(1454)
  Requested \PIPE\NETLOGON
[2003/10/14 16:40:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488)
  api_rpcTNP: NETLOGON op 0x2 - created /tmp/in_NETLOGON_2.10.prs
[2003/10/14 16:40:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495)
  api_rpcTNP: rpc command: NET_SAMLOGON
--SNIP--

It seems Hummingbird wants to authenticate itself...good news!!

--SNIP--
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  00e4 uni_str_len: 0007
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
  00e8 buffer : z.z.A.d.m.i.n.
[2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81)
  f6 smb_io_unistr2 uni_wksta_name
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  00f8 uni_max_len: 000c
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  00fc undoc  : 
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  0100 uni_str_len: 000c
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806)
  0104 buffer : D.C.-.S.O.R.R.A.L.-.0.6.
[2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81)
  00011c smb_io_string2 nt_chal_resp
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  011c str_max_len: 0020
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  0120 undoc  : 
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  0124 str_str_len: 0020
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960)
  0128 buffer : 5.5.n.m.0.8.d.k.5.5.n.m.0.8.d.k.
[2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81)
  000148 smb_io_string2 lm_chal_resp
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  0148 str_max_len: 000e
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  014c undoc  : 
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634)
  0150 str_str_len: 000e
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960)
  0154 buffer : 55NM08DK55NM08
[2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint16(605)
  0162 validation_level: 0003
--SNIP--

HummingBird sends us zzAdmin...seems clever :-)
HummingBird sends us a clear text password...quite strange as the debugging string
'nt_chal_resp' would make us think it is rather an NTLM challenge response.

--SNIP--
  sam_password_ok: Checking NTLMv2 password with domain [DC-SORRAL]
[2003/10/14 16:40:37, 100] auth/auth_sam.c:smb_pwd_check_ntlmv2(131)
  Part password (P16) was |
[2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825)
  [000] 83 0D 28 64 3B F5 66 10  23 F9 14 15 80 08 95 40  ..(d;.f. #..@
  Password from client was |
[2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825)
  [000] 35 00 35 00 6E 00 6D 00  30 00 38 00 64 00 6B 00  5.5.n.m. 0.8.d.k.
  [010] 35 00 35 00 6E 00 6D 00  30 00 38 00 64 00 6B 00  5.5.n.m. 0.8.d.k.
  Variable data from client was |
[2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825)
  [000] 35 00 35 00 6E 00 6D 00  30 00 38 00 64 00 6B 00  5.5.n.m. 0.8