Win2K problem looking up SIDs to names.

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Feb 29 07:14:36 GMT 2000


jeremy,

the 0x39 lsarpc opcode you are supposed to return a fault pdu to -- just
like nt 4.0 does.

as a result of returning the fault pdu, nt5 will carry on by using
_different_ msrpc functions.

if you were running tng you'd find that it worked fine.

see the cvs message i sent about bind nack and fault pdu (i added nack
support to tng yesterday) i wrote some specific comments for you in it.

btw we HAVE to do this merge, it's not ok to be constantly rediscovering
everything and duplicating / wasting effort on all these things.
especially as this has been going on for far too long, already.

i count, from a quick recall, about four, maybe five, areas where you have
spent time reinventing what i already have in tng, and sometimes (which is
REALLY bad) adding things to cvs main or 2.0 but NOT adding them to tng.

this cannot continue for much longer

On Mon, 28 Feb 2000, Jeremy Allison wrote:

> Luke,
> 
> 	I'm doing a security -> view on Win2k and it's
> giving me an open "\lsarpc" pipe call, followed by an
> OPEN_POLICY2, followed by this rpc call (which
> we don't decode). BTW: I checked in TNG and we don't
> decode it there either. 
> 
> switch message SMBtrans (pid 1195)
> Skipping become_user - already user
> trans <\PIPE\> data=152 params=0 setup=2
> calling named_pipe
> named pipe command on <> name
> api_fd_reply
> search for pipe pnum=7037
> pipe name lsarpc pnum=7038 (pipes_open=2)
> pipe name lsarpc pnum=7037 (pipes_open=2)
> Got API command 0x26 on pipe "lsarpc" (pnum 7037)api_fd_reply: p:0x8184c80 max_trans_reply: 1024
> 000000 smb_io_rpc_hdr 
>     0000 major     : 05
>     0001 minor     : 00
>     0002 pkt_type  : 00
>     0003 flags     : 03
>     0004 pack_type0: 10
>     0005 pack_type1: 00
>     0006 pack_type2: 00
>     0007 pack_type3: 00
>     0008 frag_len  : 0098
>     000a auth_len  : 0000
>     000c call_id   : 00000003
> 000010 smb_io_rpc_hdr_req req
>     0010 alloc_hint: 00000080
>     0014 context_id: 0000
>     0016 opnum     : 0039
> Doing \PIPE\lsarpc
> api_rpcTNP: api_ntlsa_rpc op 0x39 - unknown
> rpc_command: DCE/RPC fault should be sent here
> Unsupported API fd command
> 
> Any idea what this one is ? Without it Win2k
> won't go on to do the lookup sids call. Under NT4.x,
> after the OPEN_POLICY2 it goes straight into the
> 
> api_rpcTNP: api_ntlsa_rpc op 0xf - api_rpc_command: LSA_LOOKUPSIDS
> 
> call and all is well (correct unix names shown in dialog
> box).
> 
> Cheers,
> 
> 	Jeremy.
> 
> -- 
> --------------------------------------------------------
> Buying an operating system without source is like buying
> a self-assembly Space Shuttle with no instructions.
> --------------------------------------------------------
> 

<a href=" mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton    </a>
<a href=" http://cb1.com/~lkcl"  > Samba and Network Development   </a>
<a href=" http://samba.org"      > Samba Web site                  </a>
<a href=" http://www.iss.net"    > Internet Security Systems, Inc. </a>
<a href=" http://mcp.com"        > Macmillan Technical Publishing  </a>
 
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
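
The exchange discussed in this thread, as an added example that is not part of the original message and not Samba or TNG code: it decodes the request header shown in the quoted log and answers an unhandled opnum with a fault PDU instead of dropping the call. The fault status `nca_s_op_rng_error`, the zero `alloc_hint` in the reply, the zero-filled stub data and all function names are assumptions; the thread does not say which status NT 4.0 returns.

```python
import struct

PKT_REQUEST, PKT_FAULT = 0x00, 0x03
PFC_FIRST_LAST = 0x03               # first-fragment | last-fragment
NCA_S_OP_RNG_ERROR = 0x1C010002     # assumed status: operation number out of range
HANDLED_OPNUMS = {0x0F}             # from the log: LSA_LOOKUPSIDS; a real table is larger
COMMON = "BBBB4sHHI"    # major, minor, pkt_type, flags, drep, frag_len, auth_len, call_id
REQUEST = "IHH"         # alloc_hint, context_id, opnum

def sample_request():
    """Constructed PDU: header fields copied from the quoted log, stub is zero filler."""
    hdr = struct.pack("<" + COMMON + REQUEST, 5, 0, PKT_REQUEST, 3,
                      b"\x10\x00\x00\x00", 0x98, 0, 3, 0x80, 0, 0x39)
    return hdr + bytes(0x80)

def parse_request(pdu):
    """Decode the 24-byte connection-oriented request header."""
    if len(pdu) < 24:
        raise ValueError("short PDU")
    drep = pdu[4:8]
    endian = "<" if drep[0] & 0x10 else ">"   # 0x10 in drep[0] = little-endian integers
    major, minor, ptype, flags, _, frag_len, auth_len, call_id = \
        struct.unpack_from(endian + COMMON, pdu, 0)
    alloc_hint, context_id, opnum = struct.unpack_from(endian + REQUEST, pdu, 16)
    if (major, minor, ptype) != (5, 0, PKT_REQUEST):
        raise ValueError("not a DCE/RPC v5.0 request")
    if frag_len != len(pdu):
        raise ValueError("frag_len does not match the data received")
    return {"endian": endian, "drep": drep, "call_id": call_id,
            "context_id": context_id, "opnum": opnum}

def build_fault(req, status=NCA_S_OP_RNG_ERROR):
    """Build a 32-byte fault PDU that echoes the caller's call_id and context_id."""
    e = req["endian"]
    # alloc_hint, context_id, cancel_count, reserved, status, 4 reserved bytes
    body = struct.pack(e + "IHBBII", 0, req["context_id"], 0, 0, status, 0)
    hdr = struct.pack(e + COMMON, 5, 0, PKT_FAULT, PFC_FIRST_LAST,
                      req["drep"], 16 + len(body), 0, req["call_id"])
    return hdr + body

def dispatch(pdu):
    """Return a fault PDU for an unknown opnum, None when a handler exists."""
    req = parse_request(pdu)
    if req["opnum"] not in HANDLED_OPNUMS:
        return build_fault(req)
    return None   # a real server would invoke the opnum's handler here

if __name__ == "__main__":
    print(dispatch(sample_request()).hex())
```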


