NT domain logon questions

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Oct 23 14:42:26 GMT 1997


On Thu, 23 Oct 1997, Edan Idzerda wrote:

> 
> Hi.  Myself and an anti-Micro$oft companion tried to get 
> NT domain logons working yesterday and seem pretty close, but
> not quite.

darn :)
 
> Samba is 1.9.18alpha3, server is an Ultra-2 running SunOS 5.5.1.


> When we try to join the domain OURDOM (was NTFREE, now it's NITWIT)
> the NT 4 WS hangs for a bit and then says "The domain server could
> not be located."

yep.
 
> Samba writes a lot of stuff to the log file, and most of it 
> really isn't very interesting to me, but the following seemed
> like an *error* that didn't seem covered in any of the docs
> I've/we've looked at.

um...
 
> 5C 50 49 50 45 5C 6C 73   61 72 70 63  0   \PIPE\ls  arpc.
> switch message SMBopenX (pid 6706)
> Skipping become_user - already user
> Opening pipe \PIPE\lsarpc.
> Known pipe lsarpc opening.
> unix_clean_name [lsarpc]
> is_in_path: lsarpc
> is_in_path: no name list.
> unix_clean_name [lsarpc]
> dos_mode: 12 lsarpc
> is_in_path: lsarpc
> is_in_path: no name list.
> dos_mode returning r
> 10/22/97 17:02:12 error packet at line 146 cmd=45 (SMBopenX) eclass=1 ecode=5
> error string = Permission denied

read the 1.9.18alpha3/docs/NTDOMAIN.txt file, in which it mentions that
you should do: 

	touch /tmp/lsarpc
	touch /tmp/NETLOGON
	touch /tmp/srvsvc

	chmod 666 /tmp/lsarpc
	chmod 666 /tmp/NETLOGON
	chmod 666 /tmp/srvsvc

this is clearly a security risk, i have been told (ln -s /tmp/lsarpc 
/etc/rc.boot/some_file and when running samba, get some_file wiped out) 
so watch out.
 
> 
> So I guess my only question at the moment would be, "is the above
> normal behavior?"  

yep.
 
> Hopefully we'll have our logs a little more together soon.  
> Thanks for any suggestions anyone might have... we're
> so close... yet so far...

what can i say.  oh, yes.  if your domain is only three letters long (e.g.
"CB1"), there's a problem with the LSA_QUERYINFOPOLICY response, which
prevents you from getting "Welcome to the CB1 Domain".  i think. but i
haven't been able to get a packet trace of it, yet.

luke


Luke Kenneth Casson Leighton (lkcl at switchboard.net)
Lynx2.7-friendly Home Page: http://mailhost.cb1.com/~lkcl
"Apply the Laws of Nature to your environment because your
 environment applies the Laws of Nature to you"
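
A pre-start check for the three /tmp files named in the reply above, added here as an example; it is not part of the original post or of Samba. `PIPE_DIR`, `EXPECTED_UID` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: refuse to start smbd if any placeholder file from
# NTDOMAIN.txt is a symlink, is not a regular file, or has the wrong owner.

PIPE_DIR="${PIPE_DIR:-/tmp}"          # directory used in the post
PIPE_FILES="lsarpc NETLOGON srvsvc"   # file names used in the post
EXPECTED_UID="${EXPECTED_UID:-0}"     # assumption: root created the files

# check_pipe_file PATH
# returns 0 = safe, 1 = unsafe, 2 = missing; prints one verdict line.
check_pipe_file() {
    p="$1"
    # Test for a symlink first: a dangling link fails -e and would
    # otherwise be reported as merely missing.
    if [ -L "$p" ]; then
        echo "UNSAFE  $p is a symlink to $(ls -l "$p" | sed 's/.* -> //')"
        return 1
    fi
    if [ ! -e "$p" ]; then
        echo "MISSING $p"
        return 2
    fi
    if [ ! -f "$p" ]; then
        echo "UNSAFE  $p is not a regular file"
        return 1
    fi
    # ls -n prints the numeric owner in the third column.
    owner=$(ls -ldn "$p" | awk '{print $3}')
    if [ "$owner" != "$EXPECTED_UID" ]; then
        echo "UNSAFE  $p is owned by uid $owner, expected $EXPECTED_UID"
        return 1
    fi
    echo "OK      $p"
    return 0
}

# check_all_pipe_files
# returns 0 only when every file passes; a missing file also counts as failure.
check_all_pipe_files() {
    rc=0
    for name in $PIPE_FILES; do
        check_pipe_file "$PIPE_DIR/$name" || rc=1
    done
    return $rc
}

# Usage before starting smbd:  check_all_pipe_files || exit 1
```

The check only reports the state at the moment it runs; a file in a world-writable directory can still be replaced afterwards.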


