Code for joining a domain in Samba 2.2.0-alpha1

Tom Alsberg alsbergt at
Wed Apr 18 11:36:23 GMT 2001

  OK. That's what I did: I ran MS NetMon which came with Microsoft
Windows 2000 Advanced Server, monitoring all packets in SAP/ETYPE of IP
between the Windows 2000 machine and the Samba 2.2.0-alpha1 server.
  I saw some RPC calls there, and looked at the Opnum field of the
call. I looked in the dispatch table for the Opnum of the call to
SAMR_CREATE_USER, which is 0x32. I looked at the captured traffic for
the call after that, whose Opnum was 0x11 - SAMR_LOOKUP_NAMES.

  I looked in api_samr_lookup_names, and saw it calls
samr_reply_lookup_names. I put some debugging statements in
samr_reply_lookup_names, to see that it was indeed called (it was), and
another debugging statement showed me it returned True (but adding the
account to the domain fails with error "the user name could not be
found"), so it seems to send the reply indicating the user exists in
some other way.

  After that call the only constructed call through RPC is
SAMR_CLOSE_HND (0x01), so it must be in SAMR_LOOKUP_NAMES. But I don't
understand how to cause it to reply that the user exists and
everything's fine.

  Again, any help/explanations appreciated,
  -- Tom

On Thu, Apr 12, 2001 at 03:31:28AM -0500, Gerald Carter wrote:
... *snip* ...
> smbd uses a dispatch table loaded with function pointers
> to respond to RPC ops.  See the end of 
> rpc_server/srv_samr.c
> >   I tried using tcpdump-smb to check the connections and 
> > look for function names there, without much success.
> You'll need MS's netmon to deal with RPCs.  Your second
> best bet is to grep a level 10 smbd log for api_rpcTNP.
> Note that you can capture traces on the Linux host 
> using ethereal ( and save them in netmon
> 1.x format.



  Tom Alsberg
	Hebrew University of Jerusalem,
	Institute of Computer Science and Engineering -
		System Group / Vision Lab
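
A simplified model of the opnum dispatch table mentioned in the quoted reply, added here as an example; it is not Samba's code. The handler names, the reply struct, the status values and the account names are hypothetical, and it assumes a handler's boolean return only reports that a reply was built, while the result status is carried inside the reply.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opnums as quoted in the message above. */
enum { SAMR_CLOSE_HND = 0x01, SAMR_LOOKUP_NAMES = 0x11, SAMR_CREATE_USER = 0x32 };

/* Hypothetical reply: the result status travels inside the reply body. */
struct reply { uint32_t status; };
#define ST_OK        0x00000000u
#define ST_NOT_FOUND 0xC0000064u  /* constructed sample value */

typedef bool (*rpc_fn)(const char *arg, struct reply *out);

/* Each handler returns true when a reply was built, whatever its status. */
static bool h_close(const char *a, struct reply *r)  { (void)a; r->status = ST_OK; return true; }
static bool h_create(const char *a, struct reply *r) { (void)a; r->status = ST_OK; return true; }
static bool h_lookup(const char *a, struct reply *r) {
    /* Constructed account database holding a single machine account. */
    r->status = (strcmp(a, "HOST1$") == 0) ? ST_OK : ST_NOT_FOUND;
    return true;
}

/* Dispatch table: name, opnum, function pointer (assumed layout). */
static const struct { const char *name; uint8_t opnum; rpc_fn fn; } table[] = {
    { "SAMR_CLOSE_HND",    SAMR_CLOSE_HND,    h_close  },
    { "SAMR_LOOKUP_NAMES", SAMR_LOOKUP_NAMES, h_lookup },
    { "SAMR_CREATE_USER",  SAMR_CREATE_USER,  h_create },
};

/* Run the handler registered for an opnum; false means no reply was built. */
bool dispatch(uint8_t opnum, const char *arg, struct reply *out, const char **name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].opnum == opnum) {
            *name = table[i].name;
            return table[i].fn(arg, out);
        }
    }
    *name = NULL;
    return false;
}

int main(void) {
    struct reply r; const char *n;
    bool ok = dispatch(SAMR_LOOKUP_NAMES, "HOST2$", &r, &n);
    printf("%s built=%d status=0x%08X\n", n, ok, (unsigned)r.status);
    return 0;
}
```

In this model, a debug statement on the handler's return value shows `true` for both the found and the not-found case, so the status field of the reply is the value worth logging.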
