TNG works with Win2k, fails with Win98
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Feb 21 03:40:02 GMT 2000
On 20 Feb 2000, Patrick J. LoPresti wrote:
> Luke Kenneth Casson Leighton <lkcl at samba.org> writes:
>
> > i removed the code that requires samba servers to be joined to their own
> > domain (see cvs message last week).
>
> OK.
>
> Let me repeat my problem then, at least as I have tracked it so far.
>
> > > My current problem appears to be that this call:
> > >
> > > msrpc_lsa_query_trust_passwd("\\\\.", "$MACHINE.ACC", trust_passwd, NULL))
> > >
> > > ..does not always place the same value in trust_passwd. This is
> > > causing my logons to fail from time to time.
>
> This code is in msrpc_netlogon.c:domain_client_validate(), line 111 or
> so. This is where the client code is getting hold of the workstation
> trust password to compute the session key. My authentication is
> failing once because the same call in netlogond is getting a different
> value for the trust password, thus disagreeing about the correct value
> for the session key. The second login attempt succeeds because the
> trust account password (and session key) match both in this code and
> in netlogond. (I have logs demonstrating this if you are interested.)
>
> I apologize if this is a stupid question, but isn't the $MACHINE.ACC
> trust password supposed to be constant?
check param/loadparm.c it should have machine_trust_password_timeout =
60*60*24*7, if there's a line saying =60, you got a cvs update _just_ when
i was doing some tests :)
More information about the samba-ntdom
mailing list