On Thu, 2003-02-13 at 01:30, Nik Conwell wrote: > > On Thu, 30 Jan 2003, Andrew Bartlett wrote: > > > > On Thu, 2003-01-30 at 23:32, Nik Conwell wrote: > > > > > > Anybody seeing a scenario like this? > > > > > > net ads join adds our machine entry to AD just fine. > > > > > > The machine entry object in the AD database has: > > > > > > OperatingSystem "Samba" > > > OperatingSystemVersion "post3.0-HEAD" > > > dnsHostname "ourhost" > > > > > > Some time later "something" happened, and AD now has: > > > > > > OperatingSystem "Windows" > > > OperatingSystemVersion "NT 4" > > > dnsHostname is empty. > > > > > > and then authentication to ourhost fails. > > > > Something is doing a NT4 password change. This can occur if > > 'security=domain' is set, rather than 'security=ads'. > > > > Or if 'net rpc changetrustpw' is run. > > Interesting - security=ads is set in the config, and neither of the two of us > who have privs to do the net cmds have run changetrustpw (or knew what it was > before you wrote about it ;-)) > > I have an unverified pet theory that under some circumstances the smbd may think > it's running as security=domain (unable to read the config file due to it being > unmounted - it's on NFS disk - or since the file doesn't have o=r). I'll put > some DEBUG logging statements near change_trust_account_password() to see if > we're somehow getting there. > > Thanks for your help. > -nik
I since looked into this myself - and it's werid! If you make even a single connection to the NETLOGON pipe, to verify an NTLM password with the PDC, your OS gets reset! This occurs during the credentials setup for that pipe - the interesting thing will be to see what Win2k does for that pipe, and to see if we can emulate it. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part