Hmmm. Special XP weirdness/brokenness. Windows 2K working on 2.2.2 and 2.2.5 and Windows XP Not (not the usual problems)

Andrew Bartlett abartlet at
Thu Oct 17 12:18:00 GMT 2002

Alan Jones wrote:
> Hi,
> We have some special weirdness happening with Samba and windows XP here.
> Background:
> We are wanting to install a third party product passlogix, V-GO single
> sign on product on windows
> (, which authenticates against a windows
> server. Basically it uses the windows
> Authentication to allow the decryption of a credential database, to
> allow automatic signing on to many
> Applications. It allows a user only to have to remember a single
> password, and then sign on to multiple
> Applications. Great appplication. Useful for medicos, who otherwise have
> to remember 10 passwords that roll each month
> Etc.
> Anyway. To cut a long story short. We have tried this on 2.2.5 and 2.2.2
> and the same thing happens. Anyway.
> We install the product on W2K and it works and on WINXP (against the
> same samba server and she broke).
> The product requires the user to re-authenticate prior to decrypting the
> credential database.

This is after the domain logon?  And how does it do that?  

> When we use *DISCONNECT* the WINXP box from the network (using winXP)
> cached credentials, ie no samba
> Authentication it works like a treat. ONLY when Samba is queried she
> broke.

Hmm - I'm assuming this is using a domain logon.  It could be somthing
to do with session keys, or other such fun.

> We can provide a copy of the passlogix product if people are keen to
> help.
> Seems like the WinXP is doing things differently.

WinXP does a few things differently. :-(

> Now I should point out that WINXP, authenticates against the samba
> server as part of the windows login PERFECTLY.
> So as far as windows is concerned everything is nice with samba, only
> this third party product, which WE HAVE
> To RUN is broken. All help is gladly appreciated. I don't want to have
> to install active directory.!!!!

This looks very interesting - I'll need a lot more detail before I can
be much use unfortuntly.  But given sufficnet traces, we should be able
to track this down...

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list