password server (PR#1028)
Andrew Tridgell
samba-bugs at samba.anu.edu.au
Wed Oct 22 00:24:40 GMT 1997
> ...
> BUT every time a connection is attemptesd I see the following messages
> logged:
>
> negprot w/password server as 2625merou
> requin.spc.org.nc rejected the session
> requin.spc.org.nc not connected
>
> WHY is requin refusing the password verification connection from the
> HP-UX box? How can I get the passwords verified by the WindowsNT
> (requin) server so that I dont have to keep smbpasswd up to date?
> Incidentally requin.spc.org.nc is a BDC - does that matter?
The reason it is failing is that requin.spc.org.nc is not a netbios name.
The NT box is refusing the Netbios session request because it doesn't
know the name that it is being called.
You could just use "password server = requin" instead, and possibly
add requin to /etc/hosts if it can`t be resolved without the full name.
You would be much better off upgrading to 1.9.17p4. I rewrote the password
server code for p4 and one of the things I changed was to check for a .
in the name and take the part before the first . as the netbios name. This
is consistent with what smbclient does.
The new code is also a lot cleaner and also fixes a potential security hole
if your NT server is misconfigured (some NT servers were accepting
session setup connections with any password on unknown usernames and not
setting the guest bit in the reply). The new code does a full
NetWkstaUserLogon to verify that the password server really meant yes
when it said yes.
Andrew
More information about the samba
mailing list