Samba4 as a member server against an NT4 PDC

Richard Sharpe rsharpe at richardsharpe.com
Sat Apr 2 00:08:28 GMT 2005


On Sat, 2 Apr 2005, Andrew Bartlett wrote:

> > OK, so I forced the negotiate_flags to 0x1FF at the appropriate point, and
> > now we get past the ServerAuthenticate2 request, but things went to hell
> > in a handbasket after that (SMB_PANIC ...)
>
> This is the issue with being unable to map these SIDs to posix
> identities?  We need idmap (no, not again!), but in the meantime we can
> have as-root access by setting 'ntvfs handler = default' rather than the
> default of 'ntvfs handler = unixuid default'.

Well, I am not entirely sure what you mean here, but part of the problem
seems to be that even though we responded with STATUS_LOGON_FAILURE to
Windows, we included a non-zero User ID (which we got from the vuid), so
Windows sent us a Logoff&X.

We crashed trying to dereference req->session->session_info->security
because there is actually no session info, it seems, at this point.

> For my work with Samba4, I'm looking to develop an 'everybody is nobody'
> solution (which is all the particular task I have requires).  But adding
> a real idmap shouldn't be too hard however...
>
> > Perhaps we need to fall back at appropriate points, or perhaps there is
> > some way to tell Samba not to use NETLOGON_NEG_AUTH2_ADS_FLAGS or
> > DCERPC_SCHANNEL_128.
>
> We should be falling back - I'll work on that logic.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net
>

Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
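
The failure mode described in this message, as an added example that is not part of the original post and is not Samba's code: a failed session setup should reply with UID 0 and leave no half-built session behind, and the logoff handler should check that a session and its session info exist before touching the security data. All struct, function and status names below are hypothetical stand-ins in a simplified model.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model; not Samba's structures or status codes. */
enum status { ST_OK, ST_LOGON_FAILURE, ST_INVALID_UID };
struct session_info { const char *security; };  /* stands in for the token */
struct session { uint16_t vuid; struct session_info *session_info; };
struct reply { enum status status; uint16_t uid; };
#define MAX_SESSIONS 8
static struct session sessions[MAX_SESSIONS];
static struct session_info infos[MAX_SESSIONS];

static struct session *find_session(uint16_t uid) {
    if (uid == 0) return NULL;                  /* 0 is never a valid vuid here */
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].vuid == uid) return &sessions[i];
    return NULL;
}

struct reply session_setup(int auth_ok) {
    struct reply r = { ST_LOGON_FAILURE, 0 };   /* failure reply carries uid 0 */
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (sessions[i].vuid != 0) continue;
        sessions[i].vuid = (uint16_t)(i + 1);   /* vuid reserved before auth ends */
        if (!auth_ok) {
            sessions[i].vuid = 0;               /* tear down the reserved slot */
            return r;
        }
        infos[i].security = "token";            /* constructed sample value */
        sessions[i].session_info = &infos[i];
        r.status = ST_OK;
        r.uid = sessions[i].vuid;
        return r;
    }
    return r;                                   /* table full: also a failure */
}

enum status logoff(uint16_t uid) {
    struct session *s = find_session(uid);
    /* Guard every pointer on the path session -> session_info -> security. */
    if (s == NULL || s->session_info == NULL || s->session_info->security == NULL)
        return ST_INVALID_UID;
    s->session_info = NULL;
    s->vuid = 0;
    return ST_OK;
}

int main(void) {
    struct reply bad = session_setup(0);        /* failed logon, then a logoff */
    return (bad.uid == 0 && logoff(bad.uid) == ST_INVALID_UID) ? 0 : 1;
}
```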


More information about the samba-technical mailing list