Samba4 as a member server against an NT4 PDC
Richard Sharpe
rsharpe at richardsharpe.com
Fri Apr 1 23:40:51 GMT 2005
On Fri, 1 Apr 2005, Richard Sharpe wrote:
> I am having some problems with a Samba 4 server as a member server against
> an NT4 PDC ...
>
> I seem to be able to join the domain OK, and good stuff gets put in the
> secrets.ldb, but when I connect from a workstation, the samr_LogonSamLogon
> fails in the NetrServerAuthenticate2 RPC.
>
> We get back ACCESS_DENIED, and Samba tells me that it failed to setup the
> credentials ...
>
> The only interesting thing I can see at this point is that the negotiate
> flags on the ServerAuthenticate2 are 0x600FFFFF, while another more
> successful capture I have for an NT4 PDC uses 0x000001FF.
OK, so I forced the negotiate_flags to 0x1FF at the appropriate point, and
now we get past the ServerAuthenticate2 request, but things went to hell
in a handbasket after that (SMB_PANIC ...)
Perhaps we need to fall back at appropriate points, or perhaps there is
some way to tell Samba not to use NETLOGON_NEG_AUTH2_ADS_FLAGS or
DCERPC_SCHANNEL_128.
Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list