NT4SP4

Luke Kenneth Casson Leighton lkcl at switchboard.net
Tue Nov 10 20:08:02 GMT 1998 

On Tue, 10 Nov 1998, Paul Leach wrote:

> When did the problem creep in?

well i've been assisted by someone on this list who has been sending me
bug reports against nt4sp4 rc1.43 and then rc1.99, and then against the
final release.

summary of issues found:

sp4 rc1.43:

- client-side dce/rpc code in sp4 rc1.43 failed to work against a samba
server.  this showed up as, for example, failure of sp4 to browse a samba
server.

investigation showed that we were replying with the rpc fragment 16 bytes
short (the size of the rpc header).  adding 16 fixed this

- server-side dce/rpc code was fine.


sp4 rc1.99

- server-side dce/rpc code in sp4 rc1.99 failed to work against samba
client code.  this showed up as failure of samba "security = domain" mode,
and rpcclient breaking.

investigation showed that the queries sent by samba client-side dce/rpc
code had rpc fragment lengths 16 bytes short.


sp4 final release

- domain logons failed sp4 client against a samba PDC.  sp4 clients were
sending flags 0x4000 01ff in NetAuth2 requests.  the code pre oct 22
returned exactly the same flags, which caused the sp4 client to think it
was talking to a sp4 server.  we now return 0x0000 01ff and the sp4 domain
clients are happy.


nt5 beta2

- unicode strings have headers and buffers.  we had an off-by-one bug that
all versions of nt except nt5 beta2 do not catch.  nt5 beta2 returns a
dce/rpc "fault" message if the header length does not match absolutely
exactly with the buffer size.

> We test against Samba here, and our testers
> tell me they tested against SP4. We also tested against it at the CIFS
> workshop with SP4 and NT5, without this kind of obvious problem (that I
> heard of).

i had fixed the rc1.44 and rc1.99 issues by then.  i had not made any
calls of the kind that failed (or if i did, i had not paid much attention
to it).  i also hadn't got one of the NT4 SP4 machines to join a samba
domain, so the NetAuth2 issue wasn't found.

to summarise, my observations (through mistakes in my rpc code!) so far
basically show that the nt dce/rpc code is improving in its quality and
robustness.

luke



> > -----Original Message-----
> > From: Luke Kenneth Casson Leighton [mailto:lkcl at switchboard.net]
> > Sent: Tuesday, November 10, 1998 9:39 AM
> > To: Multiple recipients of list
> > Subject: Re: NT4SP4
> > 
> > 
> > fixed in latest version.
> > 
> > 
> > On Wed, 11 Nov 1998, J. A. Landamore wrote:
> > 
> > > Our system was working happily with the CVS from Oct. 22 
> > 1998 and SP3 on NT4.  
> > > We have only the administrator account locally, all other 
> > accounts are on the 
> > > samba server with roaming profiles.
> > > 
> > > We have upgraded to SP4 and now no one can log on.  If the 
> > administrator logs on 
> > > locally then people can connect to their shares quite 
> > happily.  We have removed 
> > > all the machines from the domain and re-connected them, we 
> > get the "Welcome" 
> > > message indicating, at least to me, that they have 
> > connected to the samba 
> > > service happily.  Yet when a user tries to log on they get
> > > 
> > > The system cannot log you on to this domain because the 
> > system's computer 
> > > account in its primary domain is missing or the password on 
> > that account is 
> > > incorrect.
> > > 
> > > Anyone any ideas what is (not) happening and how to cure 
> > it.  Going back to SP3 
> > > is not an option.
> > > 
> > > TIA
> > > 
> > > 
> > > John Landamore			| Researchers have 
> > already cast much darkness |
> > > Sys. Admin.			| on the subject, and if they 
> > continue their  |
> > > 				| investigations we shall soon 
> > know nothing   |
> > > e-mail:	jal at mcs.le.ac.uk	| at all about it.	
> > 		      |
> > > 				|		- Mark Twain -	
> > 	      |
> > > 
> > > Phone: 	+44 (0)116 2523410
> > > Fax: 	+44 (0)116 2523604
> > > 
> > 
> > <a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson 
> > Leighton  </a>
> > <a href="http://mailhost.cb1.com/~lkcl"> Samba and Network 
> > Development </a>
> > <a href="http://www.samba.co.uk"       > Samba and Network 
> > Consultancy </a>
> > 
> 

<a href="mailto:lkcl at samba.anu.edu.au" > Luke Kenneth Casson Leighton  </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://www.samba.co.uk"       > Samba and Network Consultancy </a>

More information about the samba-ntdom mailing list