The autobuild test system (on sn-devel-144) has detected an intermittent failing test in the current master tree.
The autobuild log of the failure is available here: https://git.samba.org/autobuild.flakey.sn-devel-144/2018-05-16-0636/flakey.log The failure seems to be in the "samba-nt4" suite, whose build logs are available here: https://git.samba.org/autobuild.flakey.sn-devel-144/2018-05-16-0636/samba-nt4.stderr https://git.samba.org/autobuild.flakey.sn-devel-144/2018-05-16-0636/samba-nt4.stdout The top commit at the time of the failure was: commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa Author: Stefan Metzmacher <me...@samba.org> Date: Mon May 7 14:50:27 2018 +0200 auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!" error messages, which were generated if the client only sends NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP connection. This fixes a regession in the combination of commits 77adac8c3cd2f7419894d18db735782c9646a202 and 3a0b835408a6efa339e8b34333906bfe3aacd6e3. We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end of the authentication (as a server, while we already do so at the beginning as a client). As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE (as an internal flag) in order to let us work as a Windows using NTLMSSP for LDAP. Even if only signing is negotiated during the authentication the following PDUs will still be encrypted if NTLMSSP is used. This is exactly the same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL. I guess it's a bug in Windows, but we have to reimplement that bug. Note this only applies to NTLMSSP and only to LDAP! Signing only works fine for LDAP with Kerberos or DCERPC and NTLMSSP. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144 and the last 50 lines of the stdout log were: [453(2311)/500 at 18m6s] samba.wbinfo_simple.online-status.domain=$DOMAIN(nt4_dc:local) [454(2312)/500 at 18m6s] samba.wbinfo_simple.check-secret.domain=$DOMAIN(nt4_dc:local) [455(2313)/500 at 18m7s] samba.wbinfo_simple.change-secret.domain=$DOMAIN(nt4_dc:local) [456(2314)/500 at 18m7s] samba.wbinfo_simple.check-secret.domain=$DOMAIN(nt4_dc:local) [457(2315)/500 at 18m7s] samba.wbinfo_simple.online-status.domain=$DOMAIN(nt4_dc:local) [458(2316)/500 at 18m7s] samba.wbinfo_simple.domain-users(nt4_dc:local) [459(2317)/500 at 18m7s] samba.wbinfo_simple.domain-groups(nt4_dc:local) [460(2318)/500 at 18m7s] samba.wbinfo_simple.name-to-sid=$DC_USERNAME(nt4_dc:local) [461(2319)/500 at 18m7s] samba.wbinfo_simple.name-to-sid=$DOMAIN/$DC_USERNAME(nt4_dc:local) [462(2320)/500 at 18m7s] samba.wbinfo_simple.user-info=$DOMAIN/$DC_USERNAME(nt4_dc:local) [463(2321)/500 at 18m7s] samba.wbinfo_simple.user-groups=$DOMAIN/$DC_USERNAME(nt4_dc:local) [464(2322)/500 at 18m7s] samba.wbinfo_simple.authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD(nt4_dc:local) [465(2323)/500 at 18m7s] samba.wbinfo_simple.allocate-uid(nt4_dc:local) [466(2324)/500 at 18m7s] samba.wbinfo_simple.allocate-gid(nt4_dc:local) [467(2325)/500 at 18m8s] samba.wbinfo_sids2xids.(nt4_dc:local)(nt4_dc:local) [468(2326)/500 at 18m14s] samba.ntlm_auth.diagnostics(nt4_dc:local)(nt4_dc:local) [469(2327)/500 at 18m14s] samba.ntlm_auth.(nt4_dc:local)(nt4_dc:local) [470(2346)/500 at 18m16s] samba.wbinfo_simple.ping(nt4_member:local) [471(2347)/500 at 18m16s] samba.wbinfo_simple.separator(nt4_member:local) [472(2348)/500 at 18m16s] samba.wbinfo_simple.own-domain(nt4_member:local) [473(2349)/500 at 18m16s] samba.wbinfo_simple.all-domains(nt4_member:local) [474(2350)/500 at 18m16s] samba.wbinfo_simple.trusted-domains(nt4_member:local) [475(2351)/500 at 18m16s] samba.wbinfo_simple.domain-info=BUILTIN(nt4_member:local) [476(2352)/500 at 18m16s] samba.wbinfo_simple.domain-info=$DOMAIN(nt4_member:local) [477(2353)/500 at 18m16s] samba.wbinfo_simple.online-status(nt4_member:local) [478(2354)/500 at 18m16s] samba.wbinfo_simple.online-status.domain=BUILTIN(nt4_member:local) [479(2355)/500 at 18m17s] samba.wbinfo_simple.online-status.domain=$DOMAIN(nt4_member:local) [480(2356)/500 at 18m17s] samba.wbinfo_simple.check-secret.domain=$DOMAIN(nt4_member:local) UNEXPECTED(failure): samba.wbinfo_simple.check-secret.domain=SAMBA-TEST.wbinfo(nt4_member:local) REASON: Exception: Exception: wbcCheckTrustCredentials(SAMBA-TEST): error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR Could not check secret checking the trust secret for domain SAMBA-TEST via RPC calls failed FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites) A summary with detailed information can be found in: ./bin/ab/summary TOP 10 slowest tests samba3.raw.notify(nt4_dc) -> 98 samba3.smb2.notify(nt4_dc) -> 80 samba3.rpc.samr.passwords.lockout(nt4_dc) -> 61 samba4.rpc.echo on ncacn_np with object(nt4_dc) -> 60 samba3.rpc.samr.passwords.pwdlastset(nt4_dc) -> 49 samba3.smb2.lease(nt4_dc) -> 45 samba3.raw.oplock(nt4_dc) -> 42 samba3.smb2.oplock(nt4_dc) -> 41 samba3.raw.search(nt4_dc) -> 34 samba3.raw.lock(nt4_dc) -> 33 ERROR: test failed with exit code 1