Smb multi-sessions, samba3.0.2pre1
abartlet at samba.org
Tue Jan 20 08:58:37 GMT 2004
On Tue, 2004-01-20 at 19:41, Jianliang Lu wrote:
> > Jianliang Lu said:
> > > A NT interactive logon process will establish 2 connections between the
> > > server and workstation: the first connection is anonymous, and the second
> > > is the domain/user. So at the end we have, for example:
> > > smb_tid = 1, smb_uid = 100 for anonymous
> > > smb_tid = 2, smb_uid = 101 for user
> > A tid is uniqe to a specific session. So in theory you could have:
> > smb_tid = 1, smb_uid = 100 for anonymous
> > smb_tid = 1, smb_uid = 101 for user
> > and this would be perfectly legit. Send me the trace and I will confirm.
> > Mike
> The Tid represents an instance of an authenticated connection to a server
> resource. The server returns Tid to the cient when the client successfully
> connects to a resource, and the client uses Tid in subsequent requests
> referring to the resource.
> In my case, I have anonymous (Tid=1, uid=100) to \\server\IPC$ during the boot
> of the client, and user (Tid=2, uid=101) to \\server\netlogon.
> The wrong thing is why client did a NtCreateAndX to the path \samr with
> Tid=1 (anonymous to IPC$) and uid=101 (user).
> I'll send the trace to you in a separate mail.
This is perfectly normal, and legit. A tree connected under one uid may
be accessed by any other uid, subject to access controls.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040120/304d53c4/attachment.bin
More information about the samba-technical