Moritz Mühlenhoff muehlenhoff at
Thu Jul 19 12:04:27 GMT 2007

Moritz Mühlenhoff wrote:
> we noticed a problem with domain joins on Windows NT4 when using the LDAP
> backend. This is a different issue than the one solved with the patch
> referenced in
> Apparently the value is taken directly from the SAMR_SET_USERINFO packet,
> as 0x201 results in 513.
> [2007/06/27 00:30:25, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>               00bc group_rid     : 00000201
> However, if compared with a Windows XP client no such RID is passed from
> Windows:
> [2007/04/21 04:04:21, 5] rpc_parse/parse_prs.c:prs_uint32(704)
>               00bc group_rid     : 00000000
> This didn't cause problems up to 3.0.22, but with later versions (likely
> caused by the user and group changes in 3.0.23) this results in NT4 clients
> no longer being able to join (at least with the LDAP backend).

FWIW; with attached patch - which simply omits the group_rid information from 
SAMR_SET_USERINFO packets - domain joins of NT4 systems are again possible.
We didn't notice any side effects with other Windows version in a large 
installation for some time now.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: nt-join-fix.patch
Type: text/x-diff
Size: 811 bytes
Desc: not available
Url :

More information about the samba-technical mailing list