TNG works with Win2k, fails with Win98
Patrick J. LoPresti
patl at cag.lcs.mit.edu
Mon Feb 21 03:25:52 GMT 2000
Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
> i removed the code that requires samba servers to be joined to their own
> domain (see cvs message last week).
OK.
Let me repeat my problem then, at least as I have tracked it so far.
> > My current problem appears to be that this call:
> >
> > msrpc_lsa_query_trust_passwd("\\\\.", "$MACHINE.ACC", trust_passwd, NULL))
> >
> > ..does not always place the same value in trust_passwd. This is
> > causing my logons to fail from time to time.
This code is in msrpc_netlogon.c:domain_client_validate(), line 111 or
so. This is where the client code is getting hold of the workstation
trust password to compute the session key. My authentication is
failing once because the same call in netlogond is getting a different
value for the trust password, thus disagreeing about the correct value
for the session key. The second login attempt succeeds because the
trust account password (and session key) match both in this code and
in netlogond. (I have logs demonstrating this if you are interested.)
I apologize if this is a stupid question, but isn't the $MACHINE.ACC
trust password supposed to be constant?
- Pat
More information about the samba-ntdom
mailing list