ncacn_np NETLOGON with workstation trust account ok?
Michael B Allen
ioplex at gmail.com
Wed Jun 17 21:15:58 GMT 2009
On Wed, Jun 10, 2009 at 4:15 PM, Gerald Carter<jerry at samba.org> wrote:
> Michael B Allen wrote:
>
>> NetrServerReqChallenge/NetrServerAuthenticate2 and then
>> SESSION_SETUP_ANDX/TREE_CONNECT_ANDX as anonymous to IPC$ is all
>> successful. But when we then try to do NT_CREATE_ANDX as anonymous on
>> /netlogon we get "Access denied".
> ...
>> Is there a way to do Secure Channel over ncacn_np
>> without using anonymous?
>
> Pretty sure you don't need a second session, just a second
> pipe open. And I'm also pretty sure that this doesn't have
> to be anonymous.
You're right.
I don't know why I did the second NT_CREATE_ANDX as anonymous. I
thought maybe I copied the behavior from winbind since it uses named
pipes too but looking at a capture of that again I can see it just
uses the service account session for both.
Anyway thanks. It sounds like I just have to nix the extra session jazz.
Mike
More information about the samba-technical
mailing list