Samba 4 and authentication in an NT4 domain ...
Richard Sharpe
rsharpe at richardsharpe.com
Tue Apr 5 18:10:30 GMT 2005
Despite Metze's commit that mentioned working with NT, I am still having
problems authenticating with an NT4 PDC, and the error message indicates
that the problem is still with dcerpc_netr_ServerAuthenticate2.
If I make this change, things work:
===================================================================
--- auth/auth_domain.c (revision 6218)
+++ auth/auth_domain.c (working copy)
@@ -76,7 +76,7 @@
/* We like schannel */
b->flags &= ~DCERPC_AUTH_OPTIONS;
- b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL |
DCERPC_SCHANNEL_128;
+ b->flags |= DCERPC_SCHANNEL_WORKSTATION | DCERPC_SEAL; /* |
DCERPC_SCHANNEL_128;*/
/* Setup schannel */
status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
Index: ntvfs/posix/pvfs_search.c
===================================================================
However, what I think I need to do is to modify step 3 in
dcerpc_schannel_key so that if it gets ACCESS_DENIED, and (p->conn->flags
& DCERPC_SCHANNEL_128) was true, we retry the steps associated with
ServerAuthenticate2 with negotiate_flags being set to
NETLOGON_NEG_AUTH2_FLAGS before giving up ...
Does anyone have any comments?
Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the samba-technical
mailing list