3.0Alpha21 and W2K AD 'dorking' Samba machine acct?

Andrew Bartlett abartlet at samba.org
Fri Feb 14 20:08:06 GMT 2003 

On Thu, 2003-02-13 at 01:30, Nik Conwell wrote:
> 
> On Thu, 30 Jan 2003, Andrew Bartlett wrote:
> 
> 
> > On Thu, 2003-01-30 at 23:32, Nik Conwell wrote:
> > >
> > > Anybody seeing a scenario like this?
> > >
> > > net ads join adds our machine entry to AD just fine.
> > >
> > >   The machine entry object in the AD database has:
> > >
> > >    OperatingSystem        "Samba"
> > >    OperatingSystemVersion "post3.0-HEAD"
> > >    dnsHostname            "ourhost"
> > >
> > > Some time later "something" happened, and AD now has:
> > >
> > >    OperatingSystem        "Windows"
> > >    OperatingSystemVersion "NT 4"
> > >    dnsHostname            is empty.
> > >
> > > and then authentication to ourhost fails.
> >
> > Something is doing a NT4 password change.  This can occur if
> > 'security=domain' is set, rather than 'security=ads'.
> >
> > Or if 'net rpc changetrustpw' is run.
> 
> Interesting - security=ads is set in the config, and neither of the two of us
> who have privs to do the net cmds have run changetrustpw (or knew what it was
> before you wrote about it ;-))
> 
> I have an unverified pet theory that under some circumstances the smbd may think
> it's running as security=domain (unable to read the config file due to it being
> unmounted - it's on NFS disk - or since the file doesn't have o=r).  I'll put
> some DEBUG logging statements near change_trust_account_password() to see if
> we're somehow getting there.
> 
> Thanks for your help.
> -nik

I since looked into this myself - and it's werid!

If you make even a single connection to the NETLOGON pipe, to verify an
NTLM password with the PDC, your OS gets reset!  

This occurs during the credentials setup for that pipe - the interesting
thing will be to see what Win2k does for that pipe, and to see if we can
emulate it.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030215/de6237a1/attachment.bin

More information about the samba-technical mailing list