NETLOGON system

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Jan 20 01:12:27 GMT 2000


this message is to people who are following the lists for technical clues.

i wanted to confirm that the NETLOGON system in NT stores credentials
INDEPENDENTLY of the SMB channel being used.

this means that samba 2.0.x has a problem.

it is possible to do this:

open smb connection

NetrRequestChallenge()
NetrAuthenticate2()

close smb connection

open smb connection

NetrServerPasswordSet()
NetrSamLogon()
....

why is this a problem in 2.0.x?  because the close smb connection will
destroy the credentials created by the reqchal and auth2 calls.

why is this done in NT?

because it is possible to have SMB timeouts / disconnects after, say... 15
minutes.

SAMBA_TNG does not suffer from this problem, because i implemented a tdb
NETLOGON credential cache.  the credentials created by NetrAuthenticate2()
/ ReqChal() are stored in a globally-accessible (as root) database, so
that the SMB connection can die, be restored, and a NetrSamLogon can
retrieve the credentials.

yes, i tried a connect/disconnect/connect with rpcclient, and yes, NT4 was
happy with it.

no, samba 2.0.x is not.

luke

Luke Kenneth Casson Leighton    <mailto:lkcl at samba.org>
Samba and Network Development   http://www.cb1.com/~lkcl
Samba Web site                  http://samba.org
Internet Security Systems, Inc. http://www.iss.net
Macmillan Technical Publishing  http://mcp.com

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
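A model of the connect/disconnect/connect sequence from the post, added here as an illustration (this is not Samba or rpcclient code). The credential arithmetic is a SHA-256 stand-in for the NT4 schedule, the machine name and password are constructed, and the only thing being compared is where the server keeps the chain: per SMB connection (the 2.0.x behaviour the post describes) or in a connection-independent store (NT4, or SAMBA_TNG's tdb cache).

```python
import hashlib
import os

MACHINE_PASSWORD = b"constructed-machine-password"  # shared secret (constructed)


def session_key(client_chal, server_chal):
    # Stand-in derivation, not the real NT4 DES-based schedule.
    return hashlib.sha256(client_chal + server_chal + MACHINE_PASSWORD).digest()[:8]


def credential(sess_key, chal, seq):
    # Chained credential: same session key, sequence advances on every call.
    return hashlib.sha256(sess_key + chal + seq.to_bytes(4, "big")).digest()[:8]


class NetlogonServer:
    def __init__(self, per_connection):
        self.per_connection = per_connection
        self.chains = {}  # machine -> {"chal", "schal", "sk", "seq"}

    def req_challenge(self, machine, client_chal):
        server_chal = os.urandom(8)
        self.chains[machine] = {"chal": client_chal, "schal": server_chal}
        return server_chal

    def authenticate2(self, machine, client_cred):
        st = self.chains[machine]
        sk = session_key(st["chal"], st["schal"])
        if credential(sk, st["chal"], 0) != client_cred:
            raise PermissionError("bad client credential")
        st.update(sk=sk, seq=0)

    def smb_close(self):
        if self.per_connection:
            self.chains.clear()  # 2.0.x: credentials die with the SMB session

    def sam_logon(self, machine, client_cred):
        st = self.chains.get(machine)
        if not st or "sk" not in st:
            raise PermissionError("no credential chain")
        st["seq"] += 1
        if credential(st["sk"], st["chal"], st["seq"]) != client_cred:
            raise PermissionError("chain mismatch")
        return True


def connect_close_connect(per_connection):
    """Client side of the sequence in the post; returns the logon outcome."""
    srv = NetlogonServer(per_connection)
    cchal = os.urandom(8)
    schal = srv.req_challenge("WKS$", cchal)  # first SMB connection
    sk = session_key(cchal, schal)
    srv.authenticate2("WKS$", credential(sk, cchal, 0))
    srv.smb_close()  # SMB timeout / disconnect
    try:  # second SMB connection, same chain
        return srv.sam_logon("WKS$", credential(sk, cchal, 1))
    except PermissionError as e:
        return str(e)
```

With the global store the second connection's NetrSamLogon succeeds; with per-connection state it fails with "no credential chain", which is the 2.0.x symptom.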
