[NTSEC] NTDOM: negotiating either RC4 _or_ some other crypt m echanism

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Nov 6 13:57:34 GMT 1997 

On Tue, 4 Nov 1997, Luke Kenneth Casson Leighton wrote:

> ok,
> 
> in my first reply to this, i mentioned that it might be the case that 
> during the "Welcome to the ..... Domain" setup, the workstation account 
> is created (with the initial password).
> 
> unless the workstation name is deduced from the NetBIOS session 
> connection and this is used, i don't believe this to be the case (again, 
> this is all speculation).
> 
> i have seen SMB sessions refused with a specific error message (something 
> like "no NT LOGON account" during the ctrl-alt-delete stage when a user 
> first logs in to a domain.
> 
> also, part of the "Welcome to the .... Domain" setup requires that you
> return a specific error code to an SMB session setup:
> 
> 	(NT_STATUS_ALLOTTED_SPACE_EXCEEDED - 0xC000 0099...)
> 
> if you do not do this, you will get "error: you are already a member of 
> the domain.  please unjoin domain first".  or some-such.
> 
> 
> this has me a bit stumped: when exactly do you create the WORKSTATION$
> account with the initial default password of workstation?  does it matter?

i appear to be answering my own questions.  the answer to this one is:  the
workstation opens the MSRPC \PIPE\samr, and does LSA_OPENSECRET (opnum 0x07),
unidentified opnum 0x11, unidentified opnum 0x22, LSA_LOOKUPSIDS,
LSA_LOOKUPNAMES, LSA_CLOSESECRET (opnum 0x01) and a few others.

this is triggered by typing in an administrator username / password for the
domain that you wish the user to join.  this procedure is required the first
time anyone attempts to join the domain from that workstation (the procedure
creates a WORKSTATION$ account and allocates the workstation a RID.  the
initial password of course is WORKSTATION).

[substitute the correct workstation name for WORKSTATION, of course...]

the documentation cifsntdomain.txt is incomplete on this point, and so is the
implementation in samba.  i will update both once i understand this better. 


luke


<a href="mailto:lkcl at switchboard.net"  > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home Page   </a>
<br><b> "Apply the Laws of Nature to your environment because your
         environment applies the Laws of Nature to you"               </b>

More information about the samba mailing list