Samba4 as a member server against an NT4 PDC

Andrew Bartlett abartlet at
Fri Apr 1 23:51:09 GMT 2005

On Fri, 2005-04-01 at 15:00 -0800, Richard Sharpe wrote:
> Hi,
> I am having some problems with a Samba 4 server as a member server against
> an NT4 PDC ...
> I seem to be able to join the domain OK, and good stuff gets put in the
> secrets.ldb, but when I connect from a workstation, the samr_LogonSamLogon
> fails in the NetrServerAuthenticate2 RPC.

I'm presuming that you have set 'auth methods = guest, domain' or
something like that?  It's not like I got around to documenting this
yet :-)

You have to set 'password server = ncacn_np:server' (it's used as a
binding string for now).  But this much you seem to have got already.

> We get back ACCESS_DENIED, and Samba tells me that it failed to setup the
> credentials ...
> The only interesting thing I can see at this point is that the negotiate
> flags on the ServerAuthenticate2 are 0x600FFFFF, while another more
> successful capture I have for an NT4 PDC uses 0x000001FF.
> Has anyone had success with this?

The negotiate flags are setup for 128 bit, and schannel.  I'll have to
drag out my NT4 image (I tested with win2k3) and see what we mess up -
it should negotiate down to 56bit, but something else might be wrong.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list