Basically the client is attempting a SAM logon request with an empty user name. Samba responds with user unknown. Even at high log levels, I get nothing in the Samba logs. I found one other reference to this sort of issue, on an earlier Samba list post in 2002, then a follow-up in 8/04, both unanswered.
I'd be happy to look at the Samba code to better understand how/why this is happening, but don't know where to start. Advice is much appreciated.
Regards,
David Black

No. Time Source Destination Protocol Info
4191 14:45:44.739000 dblack-pc.magnalynx.com ha1.magnalynx.com NETLOGON SAM LOGON request from client
Frame 4191 (281 bytes on wire, 281 bytes captured)
Arrival Time: Jan 19, 2005 14:45:44.739000000
Time delta from previous packet: 0.000003000 seconds
Time since reference or first frame: 1238.005492000 seconds
Frame Number: 4191
Packet Length: 281 bytes
Capture Length: 281 bytes
Ethernet II, Src: 00:0d:60:af:59:fc, Dst: 00:0d:60:0f:01:d6
Destination: 00:0d:60:0f:01:d6 (ha1.magnalynx.com)
Source: 00:0d:60:af:59:fc (dblack-pc.magnalynx.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: dblack-pc.magnalynx.com (192.168.10.151), Dst Addr: ha1.magnalynx.com (192.168.10.230)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 267
Identification: 0x31b6 (12726)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x715e (correct)
Source: dblack-pc.magnalynx.com (192.168.10.151)
Destination: ha1.magnalynx.com (192.168.10.230)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
Source port: netbios-dgm (138)
Destination port: netbios-dgm (138)
Length: 247
Checksum: 0x7e57 (correct)
NetBIOS Datagram Service
Message Type: Direct_group datagram (17)
More fragments follow: No
This is first fragment: Yes
Node Type: P node (1)
Datagram ID: 0x8022
Source IP: dblack-pc.magnalynx.com (192.168.10.151)
Source Port: 138
Datagram length: 225 bytes
Packet offset: 0 bytes
Source name: DBLACK-PC<00> (Workstation/Redirector)
Destination name: MAGNALYNX<1c> (Domain Controllers)
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0x0000
0... .... .... .... = Unicode Strings: Strings are ASCII
.0.. .... .... .... = Error Code Type: Error codes are DOS error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 0
User ID: 0
Multiplex ID: 0
Trans Request (0x25)
Word Count (WCT): 17
Total Parameter Count: 0
Total Data Count: 65
Max Parameter Count: 0
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: 1 second
Reserved: 0000
Parameter Count: 0
Parameter Offset: 0
Data Count: 65
Data Offset: 92
Setup Count: 3
Reserved: 00
Byte Count (BCC): 88
Transaction Name: \MAILSLOT\NET\NETLOGON
SMB MailSlot Protocol
Opcode: Write Mail Slot (1)
Priority: 1
Class: Unreliable & Broadcast (2)
Size: 88
Mailslot Name: \MAILSLOT\NET\NETLOGON
Microsoft Windows Logon Protocol
Command: SAM LOGON request from client (0x12)
Request Count: 0
Unicode Computer Name: DBLACK-PC
User Name:
Mailslot Name: \MAILSLOT\NET\GETDC808
Account control = 0x0000
.... .... .... .... .... .0.. .... .... = Autolock: User account NOT auto-locked
.... .... .... .... .... ..0. .... .... = Expire: User password will expire
.... .... .... .... .... ...0 .... .... = Server Trust: NOT a Server Trust user account
.... .... .... .... .... .... 0... .... = Workstation Trust: NOT a Workstation Trust user account
.... .... .... .... .... .... .0.. .... = Interdomain Trust: NOT a Inter-domain Trust user account
.... .... .... .... .... .... ..0. .... = MNS User: NOT a MNS Logon user account
.... .... .... .... .... .... ...0 .... = Normal User: NOT a normal user account
.... .... .... .... .... .... .... 0... = Temp Duplicate User: NOT a temp duplicate user account
.... .... .... .... .... .... .... .0.. = Password: Password required
.... .... .... .... .... .... .... ..0. = Homedir: Homedir required
.... .... .... .... .... .... .... ...0 = Enabled: User account disabled
Domain SID Size: 0
NT Version: 11
LMNT Token: 0xffff (Windows NT Networking)
LM20 Token: 0xffff (LanMan 2.0 or higher)

No. Time Source Destination Protocol Info
4192 14:45:44.739035 ha1.magnalynx.com dblack-pc.magnalynx.com NETLOGON SAM Response - user unknown
Frame 4192 (260 bytes on wire, 260 bytes captured)
Arrival Time: Jan 19, 2005 14:45:44.739035000
Time delta from previous packet: 0.000035000 seconds
Time since reference or first frame: 1238.005527000 seconds
Frame Number: 4192
Packet Length: 260 bytes
Capture Length: 260 bytes
Ethernet II, Src: 00:0d:60:0f:01:d6, Dst: 00:0d:60:af:59:fc
Destination: 00:0d:60:af:59:fc (dblack-pc.magnalynx.com)
Source: 00:0d:60:0f:01:d6 (ha1.magnalynx.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: ha1.magnalynx.com (192.168.10.230), Dst Addr: dblack-pc.magnalynx.com (192.168.10.151)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 246
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xa329 (correct)
Source: ha1.magnalynx.com (192.168.10.230)
Destination: dblack-pc.magnalynx.com (192.168.10.151)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
Source port: netbios-dgm (138)
Destination port: netbios-dgm (138)
Length: 226
Checksum: 0xc68f (correct)
NetBIOS Datagram Service
Message Type: Direct_unique datagram (16)
More fragments follow: No
This is first fragment: Yes
Node Type: M node (2)
Datagram ID: 0x1978
Source IP: ha1.magnalynx.com (192.168.10.230)
Source Port: 138
Datagram length: 204 bytes
Packet offset: 0 bytes
Source name: PDC<00> (Workstation/Redirector)
Destination name: DBLACK-PC<00> (Workstation/Redirector)
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 0... = Case Sensitivity: Path names are case sensitive
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0x0000
0... .... .... .... = Unicode Strings: Strings are ASCII
.0.. .... .... .... = Error Code Type: Error codes are DOS error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...0 = Long Names Allowed: Long file names are not allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 0
User ID: 0
Multiplex ID: 0
Trans Request (0x25)
Word Count (WCT): 17
Total Parameter Count: 0
Total Data Count: 44
Max Parameter Count: 0
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 0
Parameter Offset: 0
Data Count: 44
Data Offset: 92
Setup Count: 3
Reserved: 00
Byte Count (BCC): 67
Transaction Name: \MAILSLOT\NET\GETDC808
SMB MailSlot Protocol
Opcode: Write Mail Slot (1)
Priority: 1
Class: Unreliable & Broadcast (2)
Size: 67
Mailslot Name: \MAILSLOT\NET\GETDC808
Microsoft Windows Logon Protocol
Command: SAM Response - user unknown (0x15)
Data (42 bytes)
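
Added example, not part of the original post and not Samba code: a small Python parser for the SAM LOGON request payload in frame 4191, useful for finding every request in a capture that carries an empty user name. The byte layout is an assumption taken from the field order in the decode above and checked only against its 65-byte Data Count; the sample payload is constructed from the decoded values, and all function names are hypothetical.

```python
import struct

SAM_LOGON_REQUEST = 0x12  # "SAM LOGON request from client" in the decode above


def _utf16z(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, next_offset)."""
    end = off
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated UTF-16 string")
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2


def parse_sam_logon_request(payload):
    """Parse the mailslot data of a SAM LOGON request (assumed layout)."""
    opcode, request_count = struct.unpack_from("<HH", payload, 0)
    if opcode != SAM_LOGON_REQUEST:
        raise ValueError("not a SAM LOGON request: opcode 0x%02x" % opcode)
    computer, off = _utf16z(payload, 4)
    user, off = _utf16z(payload, off)
    end = payload.index(b"\x00", off)          # reply mailslot is ASCII
    mailslot = payload[off:end].decode("ascii", "replace")
    acct_ctrl, sid_size = struct.unpack_from("<II", payload, end + 1)
    # The trailer is read from the end, so an optional SID does not shift it.
    nt_version, lmnt, lm20 = struct.unpack_from("<IHH", payload, len(payload) - 8)
    return {"request_count": request_count, "computer": computer, "user": user,
            "mailslot": mailslot, "account_control": acct_ctrl,
            "sid_size": sid_size, "nt_version": nt_version,
            "lmnt_token": lmnt, "lm20_token": lm20}


def empty_user_senders(payloads):
    """Computer names of well-formed requests whose user name is empty."""
    reqs = [parse_sam_logon_request(p) for p in payloads]
    return [r["computer"] for r in reqs if r["user"] == ""]


def build_sample():
    """Constructed payload mirroring the fields decoded in frame 4191."""
    return (struct.pack("<HH", SAM_LOGON_REQUEST, 0)
            + "DBLACK-PC".encode("utf-16-le") + b"\x00\x00"
            + b"\x00\x00"                       # empty user name
            + rb"\MAILSLOT\NET\GETDC808" + b"\x00"
            + struct.pack("<IIIHH", 0, 0, 11, 0xFFFF, 0xFFFF))


if __name__ == "__main__":
    print(parse_sam_logon_request(build_sample()))
```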
