null session %U expansion (patch)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Oct 30 19:08:22 GMT 1998
> If you don't think it's desired behaviour then what name
> to do want %U to map to when SMB packets come in that
> are from an anonymous session ?
this is not quite the right question.
the behaviour (incorrect behaviour) we are seeing is when you get this:
- null connection to ipc$
- Netwkstagetinfo call
- auth connection either another sessetupX or a tconX with user
the behaviour (correct behaviour) occurs when:
- auth connection (sessetupX with username etc) plus tconX to a share
- null connection (tconX to ipc$)
- netwkstagetinfo call
the behaviour is caused by microsoft's "breaking" of the domain rules,
which were added so that lose95 and other non-nt-domain clients could
browse nt domain machines anonymously.
however, they must be compatible with nt 3.1 and nt 3.5/3.51 which do not
allow such anonymous connections.
therefore, if we refuse anonymous connections, then clients will
"revalidate" with a non-anonymous connection (usr, pass, domain)
immediately, and _then_ do a netwkstagetinfo call, and we will be in a
position to respond correctly.
can we add a "restrict anonymous" option to refuse all null session
connections, which i believe will fix this problem once and for all: we've
been over and over this for approximately eighteen months, it keeps coming
up.
luke
More information about the samba-ntdom
mailing list