Samba4 as a member server against an NT4 PDC

Richard Sharpe rsharpe at
Fri Apr 1 23:40:51 GMT 2005

On Fri, 1 Apr 2005, Richard Sharpe wrote:

> I am having some problems with a Samba 4 server as a member server against
> an NT4 PDC ...
> I seem to be able to join the domain OK, and good stuff gets put in the
> secrets.ldb, but when I connect from a workstation, the samr_LogonSamLogon
> fails in the NetrServerAuthenticate2 RPC.
> We get back ACCESS_DENIED, and Samba tells me that it failed to setup the
> credentials ...
> The only interesting thing I can see at this point is that the negotiate
> flags on the ServerAuthenticate2 are 0x600FFFFF, while another more
> successful capture I have for an NT4 PDC uses 0x000001FF.

OK, so I forced the negotiate_flags to 0x1FF at the appropriate point, and
now we get past the ServerAuthenticate2 request, but things went to hell
in a handbasket after that (SMB_PANIC ...)

Perhaps we need to fall back at appropriate points, or perhaps there is
some way to tell Samba not to use NETLOGON_NEG_AUTH2_ADS_FLAGS or

Richard Sharpe, rsharpe[at], rsharpe[at],

More information about the samba-technical mailing list