[PATCH 1/2] Set os attribute and version during domain join
Matthew Geddes
musicalcarrion at gmail.com
Wed Mar 21 20:25:54 GMT 2007
Just as a test, I modified libsmb/cliconnect.c to report the same OS
strings as Windows NT 4.0 (which I confirmed with Wireshark) and
rebuilt/restarted winbindd. It didn't magically update itself. This
probably shows that it's not some sneaky little strcmp() in Windows'
SessionSetupAndX reply code. I couldn't find any other instances of the
same string in the captures I did.
The NT machine did change the machine password at boot time in the
packet captures I took. It was using netlogon schannel, so wireshark's
not showing me much. I might try again at some point with that disabled.
If anyone is in a position to install a service pack for on a recent
Windows OS domain member and capture packets sent to the PDC as it
reboots, that would be pretty useful. libpcap format with a snaplen of
0, if possible. :-)
Also, I didn't see my previous message come back from the list, so I've
left the text at the bottom in case it had something to do with the
attachments. I can send the packet captures to anyone that wants them.
>>
>> Nope. :-) I've got about four things in the hopper right
>> now. I'll get a trace once I can clear the 3.0.25pre2 release
>> off my plate. Probably will be tomorrow.
>
> No worries. I'm happy to take this one over, if you like. I've already
> spent time looking at it and I think we're both heading in the same
> direction. I'll keep the list informed with my progress, so if you
> have a chance to answer questions and offer suggestions/abuse, that'd
> be great. :-)
>
> I reproduced the same scenario and grabbed some packet captures. I've
> attached them both, as they're only 20k each. Hope that's OK. Here's
> exactly how I reproduced it:
>
> - Make sure that the NT machine didn't have an account in the domain
> (controlled by a single 2k3 host)
> - Start capturing traffic on the DC. It's all in VMWare with only two
> hosts started, so there should only be relevant packets in the captures.
> - Join NT machine to the domain using a user called domadd which is a
> normal user that also sports SeMachineAccountPrivilege
> - Stop the capture and save it (NTServerJoin2K3.pcap)
> - confirm that the machine account in Active Directory doesn't have
> the OS or OS Version attributes set
> - Reboot the NT machine (NT Server 4.0 SP6-something)
> - Capture packets from the DC
> - Confirm existence of attributes in AD object
> - Stop and save capture (NTServerBootAfterJoin2K3.pcap)
>
> I haven't looked at these yet, but thought I'd provide them early in
> case anyone else is interested at all. :-)
>
> thx,
> Matt
>
More information about the samba-technical
mailing list