Samba net join procedure query

Chitrang Srivastava chitrang.srivastava at
Fri Mar 30 06:48:10 MDT 2012

Hello ,

I am trying to understand how a samba client joins to windows domains using
net join utility of samba.

Here is my understanding:

To join a domain, windows server creates account for each machine , Machine
Trusted Account.
To add a account in windows machine we need accounst credentials and I
guess that's the reason  why we give adminitrator user id and password ?
right ?

Admin credentials are first verified in SETUP Session SMB Message blob

Once that is OK, *lsarpc  *IPC is opened using TREE AndX.
The main job of lsarpc is to get *SID *of *domain name(server)  *i.e. ,
which will be used later on with SAMR.

 Next *SAMR  *is used to create Trusted Machine Account, I guess
machine_name is used for account name ?
Series of Messages flows
*Connect2 ,

*I have a doubts here, I see *SetUserInfo2 sets  *password, samba client
sends some 516 bytes(512 bytes + last 4 for length ? ) cryptic hash.
What is this hash value ? The whole idea of Trusted Account is , server
knows that he is is talking to intended client only.
How if someone sniff this cryptic hash value ?

Next I see it uses *NetLogon* IPC and invokes *NetrServerReqChallenge*
What is the purpose of this ? To Authenticate the newly created trusted
machine account ?

*Samba Gurus needs your advise, checked WSPP documents but didn't find much
document on Windows Logon procedure internals.


More information about the samba-technical mailing list