Anonymous rpc with windows 2000 server and 3.0.0rc1
Javid Abdul-AJAVID1
abduljavid at motorola.com
Fri Aug 29 19:43:46 GMT 2003
John u sure blaster patch did it?
I guess anonymous restriction was not related to this rpc change.
-----Original Message-----
From: John Rogers [mailto:cifsfan at yahoo.com]
Sent: Friday, August 29, 2003 2:40 PM
To: samba-technical at lists.samba.org
Subject: Anonymous rpc with windows 2000 server and 3.0.0rc1
It seems that after the Microsoft Patch Windows2000-KB823980-x86-ENU.exe(in response to MBlaster), this registry key value has changed:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value name: restrictanonymous
Value data: 2
On my Windows 2000 Server SP3. Now I am unable to
complete several rpc operations, such as net rpc info
-w [DOMAIN] and net rpc join with samba 3.0.0rc1. I
get the following error messge:
Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED
Anyone have any help on how to solve this issue. I
would prefer not work work around it by lowering the security,now that these nasty bunch of virusese are on the loose. Below is the command with debug on. Thanks,
cifsfan
[root at fish bin]# ./net rpc info -d 5 -w [DOMAIN]
[2003/08/29 12:32:37, 5]
lib/debug.c:debug_dump_status(359)
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
[2003/08/29 12:32:37, 3]
param/loadparm.c:lp_load(3907)
lp_load: refreshing parameters
[2003/08/29 12:32:37, 3]
param/loadparm.c:init_globals(1301)
Initialising global parameters
[2003/08/29 12:32:37, 3]
param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration
file "/usr/local/samba/lib/smb.conf"
[2003/08/29 12:32:37, 3]
param/loadparm.c:do_section(3410)
Processing section "[global]"
doing parameter workgroup = [DOMAIN]
doing parameter netbios name = fish
[2003/08/29 12:32:37, 4]
param/loadparm.c:handle_netbios_name(2711)
handle_netbios_name: set global_myname to: FISH
doing parameter local master = no
doing parameter wins server = 192.168.0.3
doing parameter security = domain
doing parameter encrypt passwords = yes
doing parameter password server = [MYSERVER]
doing parameter username map = /etc/samba/smbusers
doing parameter socket options = TCP_NODELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
doing parameter log level = 2
[2003/08/29 12:32:37, 4]
param/loadparm.c:lp_load(3939)
pm_process() returned Yes
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5]
lib/charcnv.c:charset_name(74)
Substituting charset 'ISO-8859-1' for LOCALE
[2003/08/29 12:32:37, 5] lib/util.c:init_names(270)
Netbios name list:-
my_netbios_names[0]="FISH"
[2003/08/29 12:32:37, 2]
lib/interface.c:add_interface(79)
added interface ip=192.168.0.17
bcast=192.168.255.255 nmask=255.255.0.0
[2003/08/29 12:32:37, 2]
lib/interface.c:add_interface(79)
added interface ip=192.172.0.17
bcast=192.172.255.255 nmask=255.255.0.0
[2003/08/29 12:32:37, 5]
lib/gencache.c:gencache_init(59)
Opening cache file at
/usr/local/samba/var/locks/gencache.tdb
[2003/08/29 12:32:37, 5]
libsmb/namecache.c:namecache_fetch(201)
name [DOMAIN]#1B found.
[2003/08/29 12:32:37, 5]
libsmb/namecache.c:namecache_status_fetch(314)
namecache_status_fetch: key
NBT/[DOMAIN]#1B.20.192.168.0.3 -> [MYSERVER]
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_full_connection(1262)
Connecting to host=[MYSERVER] share=IPC$
[2003/08/29 12:32:37, 3]
lib/util_sock.c:open_socket_out(690)
Connecting to 192.168.0.3 at port 445
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_KEEPALIVE = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_REUSEADDR = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_BROADCAST = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option TCP_NODELAY = 1
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option IPTOS_LOWDELAY = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option IPTOS_THROUGHPUT = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_SNDBUF = 16384
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_RCVBUF = 16384
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_SNDLOWAT = 1
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_RCVLOWAT = 1
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_SNDTIMEO = 0
[2003/08/29 12:32:37, 5]
lib/util_sock.c:print_socket_options(105)
socket option SO_RCVTIMEO = 0
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=176
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12807 (0x3207)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 243 (0xF3)
smb_vwv[11]=29824 (0x7480)
smb_vwv[12]=23004 (0x59DC)
smb_vwv[13]=23584 (0x5C20)
smb_vwv[14]=50030 (0xC36E)
smb_vwv[15]=41985 (0xA401)
smb_vwv[16]= 1 (0x1)
smb_bcc=107
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=176
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12807 (0x3207)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 65 (0x41)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 243 (0xF3)
smb_vwv[11]=29824 (0x7480)
smb_vwv[12]=23004 (0x59DC)
smb_vwv[13]=23584 (0x5C20)
smb_vwv[14]=50030 (0xC36E)
smb_vwv[15]=41985 (0xA401)
smb_vwv[16]= 1 (0x1)
smb_bcc=107
[2003/08/29 12:32:37, 4]
lib/time.c:get_serverzone(122)
Serverzone is 25200
[2003/08/29 12:32:37, 2]
libsmb/cliconnect.c:cli_session_setup_spnego(593)
Doing spnego session setup (blob length=107)
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 48018 1 2 2
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 113554 1 2 2
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 113554 1 2 2 3
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 3 6 1 4 1 311 2 2 10
[2003/08/29 12:32:37, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(625)
got principal=[MYSERVER]$@TECH.LAB
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=488
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=10242
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 488 (0x1E8)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 371 (0x173)
smb_bcc=445
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=488
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=10242
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 488 (0x1E8)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 371 (0x173)
smb_bcc=445
[2003/08/29 12:32:37, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(486)
Got challenge flags:
[2003/08/29 12:32:37, 3]
libsmb/ntlmssp.c:debug_ntlmssp_flags(39)
Got NTLMSSP neg_flags=0x20890205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
[2003/08/29 12:32:37, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(529)
NTLMSSP: Set final flags:
[2003/08/29 12:32:37, 3]
libsmb/ntlmssp.c:debug_ntlmssp_flags(39)
Got NTLMSSP neg_flags=0x20080205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=126
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=10242
smb_mid=3
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 126 (0x7E)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=83
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=126
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=10242
smb_mid=3
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 126 (0x7E)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 9 (0x9)
smb_bcc=83
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(456)
[2003/08/29 12:32:37, 5] lib/util.c:show_msg(466)
size=35
smb_com=0x75
smb_rcls=34
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=32236
smb_uid=10242
smb_mid=4
smt_wct=0
smb_bcc=0
[2003/08/29 12:32:37, 1]
libsmb/cliconnect.c:cli_full_connection(1322)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2003/08/29 12:32:37, 1]
utils/net.c:connect_to_ipc_anonymous(179)
Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2003/08/29 12:32:37, 2] utils/net.c:main(677)
return code = -1
[root at fish bin]# ./net rpc info -d 3 -w [DOMAIN]
[2003/08/29 12:32:41, 3]
param/loadparm.c:lp_load(3907)
lp_load: refreshing parameters
[2003/08/29 12:32:41, 3]
param/loadparm.c:init_globals(1301)
Initialising global parameters
[2003/08/29 12:32:41, 3]
param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration
file "/usr/local/samba/lib/smb.conf"
[2003/08/29 12:32:41, 3]
param/loadparm.c:do_section(3410)
Processing section "[global]"
[2003/08/29 12:32:41, 2]
lib/interface.c:add_interface(79)
added interface ip=192.168.0.17
bcast=192.168.255.255 nmask=255.255.0.0
[2003/08/29 12:32:41, 2]
lib/interface.c:add_interface(79)
added interface ip=192.172.0.17
bcast=192.172.255.255 nmask=255.255.0.0
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_full_connection(1262)
Connecting to host=[MYSERVER] share=IPC$
[2003/08/29 12:32:41, 3]
lib/util_sock.c:open_socket_out(690)
Connecting to 192.168.0.3 at port 445
[2003/08/29 12:32:41, 2]
libsmb/cliconnect.c:cli_session_setup_spnego(593)
Doing spnego session setup (blob length=107)
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 48018 1 2 2
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 113554 1 2 2
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 2 840 113554 1 2 2 3
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(618)
got OID=1 3 6 1 4 1 311 2 2 10
[2003/08/29 12:32:41, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(625)
got principal=[MYSERVER]$@TECH.LAB
[2003/08/29 12:32:41, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(486)
Got challenge flags:
[2003/08/29 12:32:41, 3]
libsmb/ntlmssp.c:debug_ntlmssp_flags(39)
Got NTLMSSP neg_flags=0x20890205
[2003/08/29 12:32:41, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(529)
NTLMSSP: Set final flags:
[2003/08/29 12:32:41, 3]
libsmb/ntlmssp.c:debug_ntlmssp_flags(39)
Got NTLMSSP neg_flags=0x20080205
[2003/08/29 12:32:41, 1]
libsmb/cliconnect.c:cli_full_connection(1322)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2003/08/29 12:32:41, 1]
utils/net.c:connect_to_ipc_anonymous(179)
Cannot connect to server (anonymously). Error was NT_STATUS_ACCESS_DENIED [2003/08/29 12:32:41, 2] utils/net.c:main(677)
return code = -1
[root at fish bin]#
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
More information about the samba-technical
mailing list