unknown RPC opcodes during join+logon

Luke Howard lukeh at PADL.COM
Thu Sep 19 20:03:00 GMT 2002

>But here are the results I got with changes to Samba:
>	Odd name: <credential><4-byte flags = 0x0007ffff>: Access Denied
>	Even name: <credential>,0x6B,0,<flags=0x0007ffff>: Access Denied
>	Odd name: <credential><flags = 0x000001ff>:
>		Success but "servicePrincipalName" attribute in Active
>		Directory disappears
>	Even name: <credential>,0x6B,0,<flags=0x000001ff>:
>		Success but "servicePrincipalName" attribute in Active
>		Directory disappears

I'm ont sure about the 0x6B but I would think that servicePrincipalName 
disappearing would have something to do with Active Directory presuming
that downlevel clients (which negotiate 0x1ff) do not support Kerberos,
and thus do not have a servicePrincipalName. You might try using the
altSecurityIdentities attribute instead, eg:

altSecurityIdentities: Kerberos:cifs/foobar.windows2000.spinnakernet.com

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com

More information about the samba-technical mailing list