TNG works with Win2k, fails with Win98

Luke Kenneth Casson Leighton lkcl at samba.org
Mon Feb 21 03:40:02 GMT 2000


On 20 Feb 2000, Patrick J. LoPresti wrote:

> Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
> 
> > i removed the code that requires samba servers to be joined to their own
> > domain (see cvs message last week).
> 
> OK.
> 
> Let me repeat my problem then, at least as I have tracked it so far.
> 
> > > My current problem appears to be that this call:
> > > 
> > >   msrpc_lsa_query_trust_passwd("\\\\.", "$MACHINE.ACC", trust_passwd, NULL))
> > > 
> > > ..does not always place the same value in trust_passwd.  This is
> > > causing my logons to fail from time to time.
> 
> This code is in msrpc_netlogon.c:domain_client_validate(), line 111 or
> so.  This is where the client code is getting hold of the workstation
> trust password to compute the session key.  My authentication is
> failing once because the same call in netlogond is getting a different
> value for the trust password, thus disagreeing about the correct value
> for the session key.  The second login attempt succeeds because the
> trust account password (and session key) match both in this code and
> in netlogond.  (I have logs demonstrating this if you are interested.)
> 
> I apologize if this is a stupid question, but isn't the $MACHINE.ACC
> trust password supposed to be constant?

check param/loadparm.c it should have machine_trust_password_timeout =
60*60*24*7, if there's a line saying =60, you got a cvs update _just_ when
i was doing some tests :)



More information about the samba-ntdom mailing list