[PATCH] Joining a Windows Server 2008 (Longhorn)

Rafal Szczesniak mimir at samba.org
Wed Jan 30 12:38:38 GMT 2008 

On Wed, Jan 30, 2008 at 11:18:49AM +1100, Andrew Bartlett wrote:
> 
> On Mon, 2008-01-28 at 18:47 +0100, Rafal Szczesniak wrote:
> > On Sat, Jan 26, 2008 at 12:43:14PM -0600, Gerald (Jerry) Carter wrote:
> > > >> Andreas Schneider wrote:
> > > >>> he tested on Fedora8. Could the kerberos library be
> > > >>> the problem?
> > > >> Any you are on openSUSE 10.?  or SLE[SD]?  I'll test FC8 right
> > > >> now and retest openSUSE 10.3.
> > > >> cheers, jerry
> > > >>
> > > > It was FC8 - (thanks Andreas). I've been traveling today so I have not
> > > > taken a closer look at it yet myself. Let me know how you get on. I am
> > > > working tomorrow and I will take a look at it if the problem is still
> > > > outstanding.
> > > 
> > > Very strange.  openSUSE 10.3 works.  FC8 and Ubuntu Gutsy fail.
> > > Since we are doing our own cryto here, I don't see how system
> > > libraries could really affect us.  And in fact FC8 and openSUSE 10.3
> > > have the same krb5 libs version (minus any vendor patches).
> > 
> > NT_STATUS_WRONG_PASSWORD may be returned not only because the password buffer
> > encoding is broken, but also because password doesn't meet complexity (or
> > other policy-related) criteria.
> > While crypto stuff shouldn't be a problem - as Jerry pointed we do it on
> > our own, perhaps complexity is ? I'm just speculating here, because I'm in
> > a middle of downloading win2k8 iso for testing. I haven't tried it out yet.
> 
> There are other errors for that.  This is simply the AES session key
> being longer than we expected.

Yes, I know that. I've seen NT_STATUS_PASSWORD_RESTRICTION too, but I have also
seen a description (I can't remember a url, right now) that WRONG_PASSWORD
can be returned due to invalid password buffer encoding and the password itself.

It's clear now, anyway.


cheers,
-- 
Rafal Szczesniak
Samba Team member   http://www.samba.org
Likewise Software   http://www.likewisesoftware.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080130/486e478e/attachment.bin

More information about the samba-technical mailing list