possible bug in winbindd netlogon handling
Gerald (Jerry) Carter
jerry at samba.org
Thu Jul 31 06:51:25 GMT 2003
On Wed, 30 Jul 2003, Jeremy Drake wrote:
> This all applies to trusting a win2k domain from samba and from nt4.
>
> Digging through the code of winbindd, trying to figure out the problem
> I emailed earlier, and comparing what samba does and what nt 4.0 does in
> establishing a connection to the NETLOGON pipe, I discovered a
> discrepancy which seems to deal with an odd security setting I can't put
> my finger on. Here's how I understand what winbindd does to authenticate
> users from a trusted domain in my setup:
>
> 1 Set up an anonymous session with domain controller of trusted domain
> 2 Connect to IPC$
> 3 Open NETLOGON
> 4 Bind to NETLOGON
> 5 Authenticate the trust account using ServerReqChallenge and
> ServerAuthenticate2
> 6 Re-open netlogon
> 7 attempt to re-bind to netlogon
> 8 receive a Bind_nak packet
> 9 fail out with NT_STATUS_UNSUCCESSFUL, later NT_STATUS_NO_LOGON_SERVERS
This sounds like a bug with schannel I fixed last week. Are you using the
current SAMBA_3_0 cvs code?
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)