Samba4 as a member server against an NT4 PDC

Richard Sharpe rsharpe at
Sat Apr 2 00:08:28 GMT 2005

On Sat, 2 Apr 2005, Andrew Bartlett wrote:

> > OK, so I forced the negotiate_flags to 0x1FF at the appropriate point, and
> > now we get past the ServerAuthenticate2 request, but things went to hell
> > in a handbasket after that (SMB_PANIC ...)
> This is the issue with being unable to map these SIDs to posix
> identities?  We need idmap (no, not again!), but in the meantime we can
> have as-root access by setting 'ntvfs handler = default' rather than the
> default of 'ntvfs handler = unixuid default'.

Well, I am not entirely sure what you mean here, but part of the problem
seems to be that even though we responded with STATUS_LOGON_FAILURE to
Windows, we included a non-zero User ID (which we got from the vuid), so
Windows sent us a Logoff&X.

We crashed trying to dereference req->session->session_info->security
because there is actually no session info, it seems, at this point.

> For my work with Samba4, I'm looking to develop a 'everybody is nobody'
> solution (which is all the particular task I have requires).  But adding
> a real idmap shouldn't be too hard however...
> > Perhaps we need to fall back at appropriate points, or perhaps there is
> > some way to tell Samba not to use NETLOGON_NEG_AUTH2_ADS_FLAGS or
> We should be falling back - I'll work on that logic.
> Andrew Bartlett
> --
> Andrew Bartlett                      
> Authentication Developer, Samba Team 
> Student Network Administrator, Hawker College

Richard Sharpe, rsharpe[at], rsharpe[at],

More information about the samba-technical mailing list