ncacn_np NETLOGON with workstation trust account ok?

Michael B Allen ioplex at
Wed Jun 17 21:15:58 GMT 2009

On Wed, Jun 10, 2009 at 4:15 PM, Gerald Carter<jerry at> wrote:
> Michael B Allen wrote:
>> NetrServerReqChallenge/NetrServerAuthenticate2 and then
>> successful. But when we then try to do NT_CREATE_ANDX as anonymous on
>> /netlogon we get "Access denied".
> ...
>> Is there a way to do Secure Channel over ncacn_np
>> without using anonymous?
> Pretty sure you don't need a second session, just a second
> pipe open. And I'm also pretty sure that this doesn't have
> to be anonymous.

You're right.

I don't know why I did the second NT_CREATE_ANDX as anonymous. I
thought maybe I copied the behavior from winbind since it uses named
pipes too but looking at a capture of that again I can see it just
uses the service account session for both.

Anyway thanks. It sounds like I just have to nix the extra session jazz.


More information about the samba-technical mailing list