TNG 0.7 - can't join domain
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Feb 29 17:50:26 GMT 2000
damn, damn - ok, i bet the two are related.
ok.
become_root()
...
become_root()
...
unbecome_root() - really does unbecome root
...
samr_drect_query_userinfo() - fails because it's not root
...
unbecome_root() - fails because we're already non-root.
dammit.
i'm not certain as to how to eliminate this, because according to some
people we should _only_ be running as root, which is a security risk if we
do it at the moment because there is no checking otheerwise on file access
inside the msrpc code.
i could "fix" this by doing an increment on become_root() instead of
root_depth = 1 do root_depth++...
> Looks like 0018 status : c0000017 (both smb and netlogon)
>
> The smb log also contains ERROR: unbecome root depth is 0 (from lib/set_uid.c:354).
>
> Luke Kenneth Casson Leighton wrote:
>
> > On Tue, 29 Feb 2000, Michael Breuer wrote:
> >
> > > Ok... sorry.
> >
> > no problem.
> >
> > > First, let me note that with the same machines & configuration I was
> > > able to join the domain in 0.5. That said... I installed 0.7 and
> > > selected "network identity" on a W2K workstation. I entered the name
> > > of the samba domain and hit "OK." When prompted for the
> > > userid/password of a user authorized to join the machine to the
> > > domain, I entered the samba administrator id and password
> > > (Administrator). According to the logs, the "credentials" were 'null'
> > > and the ID mapped to root (uid=0). I tried a different account (also
> > > with administrator access to both the ws and samba --- and with same
> > > passwords). Same message. For fun, I added "root" to smbpasswd (with
> > > samedit) and set the password to match the root password of the unix
> > > system. Also no luck.
> >
> > hmm.... ok, 'cos i'm doing exactly that, and it works. hmm: can you take
> > a look in the logs, at level 100, for "status: C000" or maybe
> > "status:c0000"?
> >
> > this last error code will say what's failing. then let me know what you
> > think it might be, from the info proceeding the error-status-code.
> >
> > thx.
>
<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href=" http://cb1.com/~lkcl" > Samba and Network Development </a>
<a href=" http://samba.org" > Samba Web site </a>
<a href=" http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list