[Samba] Fwd: Unable to change passwords from Win XP Pro clients
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Apr 25 17:50:33 UTC 2017
I think the "client ip signing options" don't matter on the domain
controller, since the domain controller is not functioning as a server.
(If this was a samba member server, then it would matter.)
You MAY want to try
server signing = no
On 04/25/17 12:14, Eleuterio Contracampo via samba wrote:
> Just a follow-up. Still, no resolution. I've tried different combinations
> with "client ipc signing" without luck.
>
> A traffic dump shows the problem as:
>
> i) windows XP client sends a DCE/RPC SAMR command GetDomPwInfo
>
> ii) samba DC responds with DCE/RPC Fault nca_proto_error
>
> I've also tried fiddling with Local Security Policy registry values at the
> Win XP machine, but got nothing good out of it.
>
> Any more ideas to explore?
>
> Thanks in advance
> -EC
>
> On Fri, Apr 21, 2017 at 1:50 PM, Eleuterio Contracampo <
> econtracampo at gmail.com> wrote:
>
>> Thank you once again! I'll research that link, and let everyone interested
>> know about the results.
>>
>> EC
>>
>> On Fri, Apr 21, 2017 at 12:50 PM, Rowland Penny via samba <
>> samba at lists.samba.org> wrote:
>>
>>> On Fri, 21 Apr 2017 12:00:59 -0400
>>> Eleuterio Contracampo via samba <samba at lists.samba.org> wrote:
>>>
>>>> [2017/04/21 12:47:55.219297, 0]
>>>> ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
>>>>
>>>> Did not manage to negotiate mandetory feature SIGN for dcerpc
>>>> auth_level 6
>>>>
>>> I think you may be running into an artefact of the badlock patches, for
>>> which Win7 will have received patches, but there are no patches for XP
>>> as it is no longer supported.
>>>
>>> Try setting 'client ipc signing =' to 'auto' or 'disabled', but note
>>> this will affect win7 as well.
>>>
>>> See here, for more info:
>>>
>>> https://wiki.samba.org/index.php/Samba_4.3_Features_added/ch
>>> anged#CVE-2016-2115:
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
More information about the samba
mailing list