[Samba] Fwd: Unable to change passwords from Win XP Pro clients
Eleuterio Contracampo
econtracampo at gmail.com
Wed Apr 26 16:58:54 UTC 2017
Thank you for your feedback. I'm afraid it did not work either.
-EC
On Tue, Apr 25, 2017 at 1:50 PM, Gaiseric Vandal via samba <
samba at lists.samba.org> wrote:
> I think the "client ip signing options" don't matter on the domain
> controller, since the domain controller is not functioning as a server.
> (If this was a samba member server, then it would matter.)
>
>
> You MAY want to try
>
> server signing = no
>
>
>
>
>
>
> On 04/25/17 12:14, Eleuterio Contracampo via samba wrote:
>
>> Just a follow-up. Still, no resolution. I've tried different combinations
>> with "client ipc signing" without luck.
>>
>> A traffic dump shows the problem as:
>>
>> i) windows XP client sends a DCE/RPC SAMR command GetDomPwInfo
>>
>> ii) samba DC responds with DCE/RPC Fault nca_proto_error
>>
>> I've also tried fiddling with Local Security Policy registry values at the
>> Win XP machine, but got nothing good out of it.
>>
>> Any more ideas to explore?
>>
>> Thanks in advance
>> -EC
>>
>> On Fri, Apr 21, 2017 at 1:50 PM, Eleuterio Contracampo <
>> econtracampo at gmail.com> wrote:
>>
>> Thank you once again! I'll research that link, and let everyone interested
>>> know about the results.
>>>
>>> EC
>>>
>>> On Fri, Apr 21, 2017 at 12:50 PM, Rowland Penny via samba <
>>> samba at lists.samba.org> wrote:
>>>
>>> On Fri, 21 Apr 2017 12:00:59 -0400
>>>> Eleuterio Contracampo via samba <samba at lists.samba.org> wrote:
>>>>
>>>> [2017/04/21 12:47:55.219297, 0]
>>>>> ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
>>>>>
>>>>> Did not manage to negotiate mandetory feature SIGN for dcerpc
>>>>> auth_level 6
>>>>>
>>>>> I think you may be running into an artefact of the badlock patches, for
>>>> which Win7 will have received patches, but there are no patches for XP
>>>> as it is no longer supported.
>>>>
>>>> Try setting 'client ipc signing =' to 'auto' or 'disabled', but note
>>>> this will affect win7 as well.
>>>>
>>>> See here, for more info:
>>>>
>>>> https://wiki.samba.org/index.php/Samba_4.3_Features_added/ch
>>>> anged#CVE-2016-2115:
>>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list