unknown RPC opcodes during join+logon

Richard Sharpe rsharpe at ns.aus.com
Thu Sep 19 19:52:01 GMT 2002 

On Thu, 19 Sep 2002, Vijay Kota wrote:

> I am attaching the traces for 2 clients - FUBAR and FOOBAR.

OK, thanks for that, but there is insufficient info in just two packets to 
allow Ethereal to dissect all the stuff in there.

That makes it difficult to see what is going on.

I can make available a trace of a WinXP system joining an AD domain.
 
> Here's what my Win2K clients do (pl. refer to trace):
> 	Odd name: <8-byte-credential><4-byte flags = 0x6007ffff>
> 	Even name: <8-byte-credential>,0x6B,0,<4-byte flags =
> 0x0007ffff>
> 
> But here are the results I got with changes to Samba:
> 	Odd name: <credential><4-byte flags = 0x0007ffff>: Access Denied
> 	Even name: <credential>,0x6B,0,<flags=0x0007ffff>: Access Denied
> 	Odd name: <credential><flags = 0x000001ff>:
> 		Success but "servicePrincipalName" attribute in Active
> 		Directory disappears
> 	Even name: <credential>,0x6B,0,<flags=0x000001ff>:
> 		Success but "servicePrincipalName" attribute in Active
> 		Directory disappears
> 	Odd/even name: <credential>,0x6B,0,0x6B,0,<flags=0x0007ffff>
> 		Everything seems ok. However I think Luke is most
> 		probably right about the PDC ignoring the flag value -
> at
> 		least part of it. I haven't tried diff. flag settings
> 
> Hope this helps,
> Vijay
> 
> -----Original Message-----
> From: samba-technical-admin at lists.samba.org
> [mailto:samba-technical-admin at lists.samba.org] On Behalf Of Richard
> Sharpe
> Sent: Thursday, September 19, 2002 1:24 PM
> To: Vijay Kota
> Cc: samba-technical at lists.samba.org
> Subject: RE: unknown RPC opcodes during join+logon
> 
> On Thu, 19 Sep 2002, Vijay Kota wrote:
> 
> > That would seem like the logical interpretation but Microsoft works in
> > mysterious ways :-)
> > 
> > Btw, I tried 0x6B because I saw it consistently in traces between my
> > Win2K clients and Win2K PDC (to see it, netbios name should have an
> even
> > length) Not sure if this is just because of some configuration issue
> > though - which is why I was hoping you could cross-check for me ;-)
> 
> Are you sure it is not simply padding? Any mention of even vs odd
> NetBIOS 
> names makes me think of padding.
> 
> Can you extract the relevant packets and post them to us?
> 
> 
> Regards
> -----
> Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
> sharpe at ethereal.com
> 

-- 
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list