Citrix Metaframe demystified

[Jean Francois Micouleau]

On Thu, 4 Feb 1999, Andy Polyakov wrote:

> Hello, everybody!
> 
> As several of you pointed out SAMBA PDC drives Windows NT Terminal
> Server Edition (TSE) with Citrix Metaframe nuts. I was fortunate enough
> to have two TSE+Metaframe boxes in the house, one talking to NT Server
> PDC and one talking to SAMBA PDC:-) so that I had the chance to trace
> and compare network traffic going on betweem TSE and PDC during logon
> sequence. Here is what I've managed to figure out. Unlike plain NT
> Workstation TSE+Metaframe box at some point attempts to connect to
> PDC's \winreg pipe (remote connection to registry, right?) in order to

yes, right.

> query System\CurrentControlSet\Control\Citrix\UserConfig\jdoe and then
> InheritAutoLogon keys. Now the difference in behavior of NT PDC and
> SAMBA PDC (in my place) appears to be that NT PDC returns
> NT_STATUS_ACCESS_DENIED (notorious "limit remote access to registry"
> from every security advisory), while SAMBA grants access and returns a
> value that winlogon.exe obviously fails to interpret as it crashes with
> exception C0000005 (I myself have no clue about the number, but I bet
> it's kind of SEGV) according to the Event Viewer.

Samba has currently a minimal support for the registry, open/close and
lookup a value. What ever value you ask, Samba always return the same
string "LanmanNT".

> Ta-da! I can now login on TSE as SAMBA domain user!
> 
> Once again I want to point out that the patch above is just something I
> did in order to back up my analysis of network traces. No more, no
> less.
> 
> Cheers. Andy.

	J.F.