Inability to have W2K recognize domain
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Mar 24 08:42:19 GMT 2000
hi kurt, thanks for your report. can you please try 1.3?

i was particularly interested to hear about glibc5 failing. can you
please try rpcclient -S . -U root% -l log and issue an lsaquery or other
simple command (srvinfo), and let me know if that works, and if not, where
it fails (debug level 100). it's likely to be a socket-related issue.

yes, you are correct: rpcclient -S . (which can only be run as root) can
be used to do the equivalent of the "su" command on unix. it's used to
boot-strap-create an administrator-level account, and i am considering,
like the AS/U install procedure, to automate this (please type in an
administrator username/password, initiating blah blah).

i have ntpass working fine, what is the issue? can you check the
private/smbpasswd file, see if it has [U ] on the user you are
attempting to change-password-of, if it has [UD ] this means user

i am pleased to see that you explicitly have guest ok = no in the
[netlogon] section, btw.

the agent redirector not found message can be ignored, i thought i
increased the debug log level for that so it wouldn't show up, oh well.

the cannot-locate-domain-controller message i definitely have fixed for
various cases, now. if you still have problems with 1.3, please either
send me a netmon capture (preferably v1) or increase log levels to 100,
locate the relevant section in log.nmb which has a UDP packet coming in,
search for the function name "process_logon_packet", and send me the
request. it can be identified by having the words GETDC, your workstation
name, MAILSLOT\NETLOGON\GETDCxxx i think. it may also have domain: or
domain: yourdomainname in the parts afterwards, and the last few bytes
will be 03 00 00 00 ff ff ff ff.

regarding the password change, ntpass, i have this working with no
problems, you do this:

bin/rpcclient -S tngserver -U% -l log
[thgserver$ ] ntpass username
Old password: test
New password: tttt
NT password changed: OK.

ntlogin will only work if you specify the root username/password on
startup, or if you use it with -S . -U root - log. the reason for this is
that this [testing and admin-only] command must read the $MACHINE.ACC,
which is protected for security reasons and can only be accessed by root.
in fact, strictly speaking, it should _only_ be accessible as root on -S .
-U root, and i'm not even sure i want that to be allowed, but that's

regarding createuser / smbpasswd, please always do createuser username -p
password, as createuser username will create an account that is disabled,
with no password.

i have a little more sorting out of the syntax, here, methinks, to do.

your input greatly appreciated,

Luke Kenneth Casson Leighton <lkcl at samba.org>
Samba and Network Development: http://cb1.com/~lkcl
Samba Web site: http://samba.org
Macmillan Technical Publishing: http://mcp.com
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
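
Added example (not part of the original message and not Samba code): a small check for the smbpasswd conditions discussed above, listing accounts whose flags field marks them disabled (D) or without a password (N). It assumes private/smbpasswd uses the colon-separated layout documented in Samba's smbpasswd(5); the function names and the sample entries are constructed for illustration.

```python
import re

# Account-control letters as documented in Samba's smbpasswd(5).
FLAGS_FIELD = re.compile(r"^\[([A-Z ]*)\]$")

# Constructed sample; hashes are placeholders, not real credentials.
SAMPLE = """\
# username:uid:LM hash:NT hash:[flags]:LCT-time:
kurt:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-38DB2A1B:
newuser:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[UD         ]:LCT-00000000:
guest:1003:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
wks1$:1004:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-38DB2A1B:
broken line without enough fields
"""

def parse_smbpasswd(text):
    """Yield (username, lm_hash, flags) per account line; skip comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 5:
            continue
        match = FLAGS_FIELD.match(parts[4])
        if match is None:
            continue  # entry without a flags field
        yield parts[0], parts[2], set(match.group(1).replace(" ", ""))

def audit(text):
    """Return {username: [issues]} for accounts that are disabled or have no password."""
    findings = {}
    for user, lm_hash, flags in parse_smbpasswd(text):
        issues = []
        if "D" in flags:
            issues.append("disabled")
        if "N" in flags or lm_hash.startswith("NO PASSWORD"):
            issues.append("no password")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit(SAMPLE).items():
        print(f"{user}: {', '.join(issues)}")
```

To run it against a real file, pass the file's contents to audit(); the file is readable only by root.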