TNG works with Win2k, fails with Win98
Luke Kenneth Casson Leighton
lkcl at samba.org
Sun Feb 20 04:34:47 GMT 2000
On Sun, 20 Feb 2000, Richard Sharpe wrote:
> Hi,
>
> At 03:15 AM 2/20/00 +1100, Lonnie J. Borntreger wrote:
> >Finally. I'm no longer the only one talking about this problem.
> >
> >STATUS: Samba TNG does not support Win9x authentication. I ONLY works for
> >users on NT or 2000.
> >
> >SOLUTION: Somebody with access to an NT PDC based domain needs to do a
> >netmon trace of a successful domain login and a successful GETDC request
> >from a Win9x machine and send it to Luke Leighton (lkcl at samba.org). Once he
> >has that, he will fix the implementation.
> >
> >CAVEAT: I've asked for someone to do that trace several times in the last
> >4-6 months, and no-one has stepped forward and done it.
>
> OK,
>
> It is the LM MD4 hash part that is failing ... I can't see yet what is
> wrong, as the code has changed a lot, but the functions look the same.
>
> I wonder, is there any way to force Samba to use the same challenge all the
> time? I need to be able to compare the results of Samba-TNG and
> Samba-2.0.6 to see if they produce the same result.
urr..... get_challenge() in 2.0.x, isn't it? i forget :)
it's in negprot.c.
yeah, generate_next_challenge().
> >TTFN,
> >Lonnie Borntreger
> >
> >> -----Original Message-----
> >> From: samba-ntdom at samba.org [mailto:samba-ntdom at samba.org]On Behalf Of
> >> Patrick J. LoPresti
> >> Sent: Friday, February 18, 2000 7:09 PM
> >> To: Multiple recipients of list SAMBA-NTDOM
> >> Subject: TNG works with Win2k, fails with Win98
> >>
> >>
> >> We have been authenticating Win98 users against Samba 2.0.5a for a
> >> long time, but I need a real PDC by next week (ahem) or the Powers
> >> That Be just might start imposing a real NT infrastructure.
> >>
> >> So I checked out TNG this afternoon at 1:50 P.M. EST (6:50 UTC), built
> >> it on a test machine, hacked up a smb.conf file to make it Domain
> >> Controller for a domain named "TEST", and copied smbpasswd from our
> >> existing installation.
> >>
> >> The result is that a Windows 2000 box can join the domain and
> >> authenticate users. Nice work! The native Win2k user admin tools
> >> tend to crash, but some command-line thingamys in the Resource Kit
> >> provide enough functionality (specifically, adding a domain account to
> >> the local Administrators group) that we can live with it.
> >>
> >> The only problem is that I can no longer authenticate Windows 98. It
> >> says "your password is invalid or your logon share is inaccessible" or
> >> somesuch. Note that this is the same TEST domain and user login which
> >> worked on Windows 2000, so I do not think my configuration is the
> >> problem. But who knows.
> >>
> >> I have a 55K level 10 debug log of the entire failed effort; I would
> >> be glad to send that and my smb.conf to any interested parties. I am
> >> also a reasonably competent C hacker with lots of spare time available
> >> this weekend...
> >>
> >> - Pat
> >>
> >
> >
>
> Regards
> -------
> Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
> Co-author, SAMS Teach Yourself Samba in 24 Hours
> Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
> Author: First Australian 2-day, intensive, hands-on Samba course
>
<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
<a href=" http://samba.org" > Samba Web site </a>
<a href=" http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list