TNG 0.7 - can't join domain

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Feb 29 17:50:26 GMT 2000 

damn, damn - ok, i bet the two are related.

ok.

become_root()
...
become_root()
...
unbecome_root() - really does unbecome root
...
samr_drect_query_userinfo() - fails because it's not root
...
unbecome_root() - fails because we're already non-root.

dammit.

i'm not certain as to how to eliminate this, because according to some
people we should _only_ be running as root, which is a security risk if we
do it at the moment because there is no checking otheerwise on file access
inside the msrpc code.

i could "fix" this by doing an increment on become_root() instead of
root_depth = 1 do root_depth++...

> Looks like 0018 status : c0000017 (both smb and netlogon)
> 
> The smb log also contains ERROR: unbecome root depth is 0 (from lib/set_uid.c:354).
> 
> Luke Kenneth Casson Leighton wrote:
> 
> > On Tue, 29 Feb 2000, Michael Breuer wrote:
> >
> > > Ok... sorry.
> >
> > no problem.
> >
> > > First, let me note that with the same machines & configuration I was
> > > able to join the domain in 0.5. That said... I installed 0.7 and
> > > selected "network identity" on a W2K workstation.  I entered the name
> > > of the samba domain and hit "OK."  When prompted for the
> > > userid/password of a user authorized to join the machine to the
> > > domain, I entered the samba administrator id and password
> > > (Administrator).  According to the logs, the "credentials" were 'null'
> > > and the ID mapped to root (uid=0).  I tried a different account (also
> > > with administrator access to both the ws and samba --- and with same
> > > passwords).  Same message.  For fun, I added "root" to smbpasswd (with
> > > samedit) and set the password to match the root password of the unix
> > > system.  Also no luck.
> >
> > hmm.... ok, 'cos i'm doing exactly that, and it works.  hmm: can you take
> > a look in the logs, at level 100, for "status: C000" or maybe
> > "status:c0000"?
> >
> > this last error code will say what's failing.  then let me know what you
> > think it might be, from the info proceeding the error-status-code.
> >
> > thx.
> 

<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
<a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
<a href=" http://samba.org"      > Samba Web site                  </a>
<a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
 
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

More information about the samba-ntdom mailing list