Hmmm. Special XP weirdness/brokenness. Windows 2K working on 2.2.2 and 2.2.5 and Windows XP Not (not the usual problems)

Andrew Bartlett abartlet at samba.org
Thu Oct 17 12:18:00 GMT 2002 

Alan Jones wrote:
> 
> Hi,
> 
> We have some special weirdness happening with Samba and windows XP here.
> 
> Background:
> 
> We are wanting to install a third party product passlogix, V-GO single
> sign on product on windows
> (http://www.passlogix.com), which authenticates against a windows
> server. Basically it uses the windows
> Authentication to allow the decryption of a credential database, to
> allow automatic signing on to many
> Applications. It allows a user only to have to remember a single
> password, and then sign on to multiple
> Applications. Great appplication. Useful for medicos, who otherwise have
> to remember 10 passwords that roll each month
> Etc.
> 
> Anyway. To cut a long story short. We have tried this on 2.2.5 and 2.2.2
> and the same thing happens. Anyway.
> 
> We install the product on W2K and it works and on WINXP (against the
> same samba server and she broke).
> 
> The product requires the user to re-authenticate prior to decrypting the
> credential database.

This is after the domain logon?  And how does it do that?  

> When we use *DISCONNECT* the WINXP box from the network (using winXP)
> cached credentials, ie no samba
> Authentication it works like a treat. ONLY when Samba is queried she
> broke.

Hmm - I'm assuming this is using a domain logon.  It could be somthing
to do with session keys, or other such fun.

> We can provide a copy of the passlogix product if people are keen to
> help.
> 
> Seems like the WinXP is doing things differently.

WinXP does a few things differently. :-(

> Now I should point out that WINXP, authenticates against the samba
> server as part of the windows login PERFECTLY.
> So as far as windows is concerned everything is nice with samba, only
> this third party product, which WE HAVE
> To RUN is broken. All help is gladly appreciated. I don't want to have
> to install active directory.!!!!

This looks very interesting - I'll need a lot more detail before I can
be much use unfortuntly.  But given sufficnet traces, we should be able
to track this down...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list