Samba4 as a member server against an NT4 PDC

Richard Sharpe rsharpe at
Fri Apr 1 23:49:17 GMT 2005

On Sat, 2 Apr 2005, Andrew Bartlett wrote:

> > I seem to be able to join the domain OK, and good stuff gets put in the
> > secrets.ldb, but when I connect from a workstation, the samr_LogonSamLogon
> > fails in the NetrServerAuthenticate2 RPC.
> I'm presuming that you have set 'auth methods = guest, domain' or
> something like that?  It's not like I got around to documenting this
> yet :-)

Yes, I set "auth methods = domain". I guess I can add guest ...

> You have to set 'password server = ncacn_np:server' (it's used as a
> binding string for now).  But this much you seem to have got already.

Yeah, I figured that one out :-)

> > We get back ACCESS_DENIED, and Samba tells me that it failed to setup the
> > credentials ...
> >
> > The only interesting thing I can see at this point is that the negotiate
> > flags on the ServerAuthenticate2 are 0x600FFFFF, while another more
> > successful capture I have for an NT4 PDC uses 0x000001FF.
> >
> > Has anyone had success with this?
> The negotiate flags are setup for 128 bit, and schannel.  I'll have to
> drag out my NT4 image (I tested with win2k3) and see what we mess up -
> it should negotiate down to 56bit, but something else might be wrong.

OK, thanks for the clue ... I will see how far I can get ...

Richard Sharpe, rsharpe[at], rsharpe[at],

More information about the samba-technical mailing list