[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel
Garming Sam
garming at catalyst.net.nz
Sun Dec 8 17:09:38 MST 2013
On 07/12/13 00:43, Stefan (metze) Metzmacher wrote:
> Hi Garming,
>
>> + sudo bin/net rpc join -S 192.168.122.249 -Uroot%password12#
>> No realm has been specified! Do you really want to join an Active
>> Directory server?
>> netlogon_creds_cli_ServerPasswordSet failed:
>> NT_STATUS_INVALID_PARAMETER_MIX
>> No realm has been specified! Do you really want to join an Active
>> Directory server?
>> netlogon_creds_cli_check failed with NT_STATUS_NOT_IMPLEMENTED
>> libnet_join_ok: failed to open schannel session on netlogon pipe to
>> server 192.168.122.249 for domain S3. Error was NT_STATUS_NOT_IMPLEMENTED
>> Failed to join domain: failed to verify domain membership after joining:
>> Not implemented
> I've fixed the NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE and
> NT_STATUS_NOT_IMPLEMENTED
> code paths in netlogon_creds_cli_check_caps(). I also added some comments.
>
> I also check result in netlogon_creds_cli_auth_srvauth_done() before the
> downgrade check.
>
> I've updated my
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
> branch.
>
> Can you reset with the new code. It would be good to know if
> netlogon_creds_cli_ServerPasswordSet
> still reports NT_STATUS_INVALID_PARAMETER_MIX.
>
> metze
>
Hi,
I tried out your new code and it joins just fine to the 3.5 domain with
the net rpc join command that I used previously.
As for the NT_STATUS_INVALID_PARAMETER_MIX error, I connected with
rpcclient to the domain.
I ran this command and the invalid parameter mix error appears:
sudo bin/rpcclient ncacn_np:ubuntumachine -Uroot%password12# -c change_trust_pw
It seems to come from this piece of code:
function: netlogon_creds_cli_ServerPasswordSet_send in
libcli/auth/netlogon_creds_cli.c
line number: 1674
    dcerpc_binding_handle_auth_info(state->binding_handle,
                                    &state->auth_type,
                                    &state->auth_level);
    switch (state->auth_level) {
    case DCERPC_AUTH_LEVEL_INTEGRITY:
    case DCERPC_AUTH_LEVEL_PRIVACY:
        break;
    default:
        tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
        return tevent_req_post(req, ev);
    }
Cheers,
Garming Sam