Inability to have W2K recognize domain

Luke Kenneth Casson Leighton lkcl at samba.org
Fri Mar 24 08:42:19 GMT 2000


hi kurt, thanks for your report.  can you please try 1.3?

i was particularly interested to hear about glibc5 failing.  can you
please try rpcclient -S . -U root% -l log and issue an lsaquery or other
simple command (srvinfo), and let me know if that works, and if not, where
it fails (debug level 100).  it's likely to be a socket-related issue.

yes, you are correct: rpcclient -S . (which can only be run as root) can
be used to do the equivalent of the "su" command on unix.  it's used to
boot-strap-create an administrator-level account, and i am considering,
like the AS/U install procedure, to automate this (please type in an
administrator username/password, initiating blah blah).

i have ntpass working fine, what is the issue?  can you check the
private/smbpasswd file, see if it has [U      ] on the user you are
attempting to change-password-of, if it has [UD     ] this means user
account, disabled.

i am pleased to see that you explicitly have guest ok = no in the
[netlogon] section, btw.

the agent redirector not found message can be ignored, i thought i
increased the debug log level for that so it wouldn't show up, oh well.

the cannot-locate-domain-controller message i definitely have fixed for
various cases, now.  if you still have problems with 1.3, please either
send me a netmon capture (preferable v1) or increase log levels to 100,
locate the relevant section in log.nmb which has a UDP packet coming in,
search for the function name "process_logon_packet", and send me the
request.  it can be identified by having the words GETDC, your workstation
name, MAILSLOT\NETLOGON\GETDCxxx i think.  it may also have domain: or
domain: yourdomainname in the parts afterwards, and the last few bytes
will be 03 00 00 00 ff ff ff ff.

regarding the password change, ntpass, i have this working with no
problems, you do this:

bin/rpcclient -S tngserver -U% -l log
[thgserver$ ] ntpass username
Old password: test
New password: tttt
NT password changed: OK.

ntlogin will only work if you specify the root username/password on
startup, or if you use it with -S . -U root - log.  the reason for this is
that this [testing and admin-only] command must read the $MACHINE.ACC,
which is protected for security reasons and can only be accessed by root.

in fact, strictly speaking, it should _only_ be accessible as root on -S .
-U root, and i'm not even sure i want that to be allowed, but that's
another story.

regarding createuser / smbpasswd, please always do createuser username -p
password, as createuser username will create an account that is disabled,
with no password.

i have a little more sorting out of the syntax, here, methinks, to do.

your input greatly appreciated,

luke


Luke Kenneth Casson Leighton <lkcl at samba.org>
Samba and Network Development: http://cb1.com/~lkcl
Samba Web site: http://samba.org
Macmillan Technical Publishing: http://mcp.com
 
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
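
The smbpasswd flag check described in the message above ([U ] versus [UD ], and accounts created with no password), as an added example that is not part of the original post or of Samba's own code. It assumes the classic smbpasswd layout `name:uid:LM hash:NT hash:[flags]:LCT-time:`; the N (no password) and W (workstation trust) flags come from that format rather than from the message, and the sample entries are constructed.

```python
import re

# Constructed sample entries (placeholder hashes, not real ones).
SAMPLE = """\
# constructed sample for the audit below
root:0:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-38DB2A1B:
kurt:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[UD         ]:LCT-00000000:
guest:1002:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
ws1$:1003:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-38DB2A1B:
broken line without fields
"""

FLAG_RE = re.compile(r"^\[([A-Za-z ]+)\]$")


def parse_line(line):
    """Return one parsed entry, or None for comments and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 5:
        return None
    match = FLAG_RE.match(fields[4])
    if not match:
        return None
    nt_hash = fields[3]
    return {
        "user": fields[0],
        "flags": set(match.group(1).replace(" ", "")),
        # An all-X or "NO PASSWORD..." field means no hash is stored.
        "nt_unset": nt_hash.startswith("NO PASSWORD") or set(nt_hash) == {"X"},
    }


def audit(text):
    """List (user, finding) pairs for user accounts that need attention."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or "U" not in entry["flags"]:
            continue  # skip comments, malformed lines and trust accounts
        if "D" in entry["flags"]:
            findings.append((entry["user"], "disabled"))
        elif "N" in entry["flags"] or entry["nt_unset"]:
            findings.append((entry["user"], "enabled-without-password"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```
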


