Samba net join procedure query
chitrang.srivastava at gmail.com
Fri Mar 30 06:48:10 MDT 2012
I am trying to understand how a samba client joins to windows domains using
net join utility of samba.
Here is my understanding:
To join a domain, windows server creates account for each machine , Machine
To add a account in windows machine we need accounst credentials and I
guess that's the reason why we give adminitrator user id and password ?
Admin credentials are first verified in SETUP Session SMB Message blob
using (SPNEGO - NTLM SSP AUTH ).
Once that is OK, *lsarpc *IPC is opened using TREE AndX.
The main job of lsarpc is to get *SID *of *domain name(server) *i.e. ,
which will be used later on with SAMR.
Next *SAMR *is used to create Trusted Machine Account, I guess
machine_name is used for account name ?
Series of Messages flows
*I have a doubts here, I see *SetUserInfo2 sets *password, samba client
sends some 516 bytes(512 bytes + last 4 for length ? ) cryptic hash.
What is this hash value ? The whole idea of Trusted Account is , server
knows that he is is talking to intended client only.
How if someone sniff this cryptic hash value ?
Next I see it uses *NetLogon* IPC and invokes *NetrServerReqChallenge*
What is the purpose of this ? To Authenticate the newly created trusted
machine account ?
*Samba Gurus needs your advise, checked WSPP documents but didn't find much
document on Windows Logon procedure internals.
More information about the samba-technical