Thanks for saving me some time going down a rabbit hole. Still at a loss, get this packet:

226 1970-01-01 00:01:51.853391 192.168.153.156 192.168.56.152 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: CTGDOMAIN\testuser01

Then a load of other traffic between Samba PDC and AD DC which all seems ok (SMB, DCERPC and RPC_NETLOGON packets) then 12 seconds later get the response to packet 226 above and then the DC has rebooted:

274 1970-01-01 00:02:03.425244 192.168.56.152 192.168.153.156 SMB Session Setup AndX Response, Error: STATUS_INTERNAL_ERROR

Enabled netlogon max logging ( nltest /dbflag:0x2080ffff ) and see the following in the netlogon.log:

08/10 12:16:41 [LOGON] SamLogon: Network logon of CTGDOMAIN\root from CTGSOL10 Entered
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSessionSetup: Try Session setup
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSetStatusClientSession: Set connection status to 0
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSetStatusClientSession: Set connection status to 0
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSessionSetup: negotiated 400201ff flags rather than 603fbfff
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSessionSetup: Session setup Succeeded

Then nothing till the server reboots (also enabled SAM logging but nothing in sam.log)

A session using the NT4 domain trust shows the following in netlogon.log:

08/09 14:44:36 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Entered
08/09 14:44:36 [SESSION] LIVENT4DOMAIN: NlSessionSetup: Try Session setup
08/09 14:44:37 [CRITICAL] NlSessionSetup: Fall back to Authenticate2
08/09 14:44:37 [SESSION] LIVENT4DOMAIN: NlSetStatusClientSession: Set connection status to 0
08/09 14:44:37 [SESSION] LIVENT4DOMAIN: NlSetStatusClientSession: Set connection status to 0
08/09 14:44:37 [SESSION] LIVENT4DOMAIN: NlSessionSetup: negotiated 400001ff flags rather than 603fbfff
08/09 14:44:37 [SESSION] LIVENT4DOMAIN: NlSessionSetup: Session setup Succeeded
08/09 14:44:37 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Returns 0x0
08/09 14:45:04 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Entered
08/09 14:45:04 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Returns 0x0

Naively, I'm guessing I want to configure Samba so that the session setup is the same as the NT4 i.e. Fall back to Authenticate2 but I honestly do not really know what any of this means and not finding much when searching the web. The NT4 PDC is SP6 and so I'm assuming it's using NTLMv2 which should be the same as Samba (have tried with ntlm auth = Yes and No in smb.conf but doesn't seem to make any diff to behaviour).

tim

From: Volker Lendecke <volker.lende...@sernet.de>
To: Tim Wright <ti...@gordian.co.uk>
Cc: samba@lists.samba.org
Date: 05/08/2011 12:22
Subject: Re: [Samba] Domain trust between Samba 3.5.9 and Windows 2008 Active Directory crashes lsass.exe which makes AD Domain Controller reboot

On Fri, Aug 05, 2011 at 11:47:57AM +0100, Tim Wright wrote:
> Have some more information on this - looking at a packet capture of
> traffic between the AD DC and the Samba PDC, the last packet it sends is a
> "Session Setup AndX Request, NTLMSSP_AUTH" message but the NTLM SSP bit of
> the packet has User and Domain set to NULL. Turned up the debug level on
> the samba side and see the following in the logs (sorry have included
> preamble to final message in case it's of any use in diagnosing the
> problem):

This is definitely not your problem. Just a standard anonymous session setup. The problem must be MUCH later in the sniff.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
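Added example, not part of the original thread or of Samba: a small Python triage script for netlogon.log output of the kind quoted above. It pairs each SamLogon "Entered" line with its "Returns" line to surface logons that never completed, and diffs the negotiated NlSessionSetup flags between two trusts. The function names and the sample (lines copied from the two sessions in the message) are assumptions of this example.

```python
import re

# Constructed sample: netlogon.log lines taken from the two sessions quoted in the thread.
SAMPLE = r"""08/10 12:16:41 [LOGON] SamLogon: Network logon of CTGDOMAIN\root from CTGSOL10 Entered
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSessionSetup: negotiated 400201ff flags rather than 603fbfff
08/10 12:16:41 [SESSION] CTGDOMAIN: NlSessionSetup: Session setup Succeeded
08/09 14:44:36 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Entered
08/09 14:44:37 [SESSION] LIVENT4DOMAIN: NlSessionSetup: negotiated 400001ff flags rather than 603fbfff
08/09 14:44:37 [LOGON] SamLogon: Network logon of LIVENT4DOMAIN\testuser01 from GORDIAN-FCB4FE1 Returns 0x0
"""

LOGON = re.compile(r"^(\S+ \S+) \[LOGON\] SamLogon: Network logon of (\S+) "
                   r"from (\S+) (Entered|Returns)\s*(\S*)")
FLAGS = re.compile(r"\[SESSION\] (\S+): NlSessionSetup: negotiated ([0-9a-f]+) "
                   r"flags rather than ([0-9a-f]+)")

def triage(text):
    """Return (logons with no matching Returns, {domain: (negotiated, offered)})."""
    pending, flags = {}, {}
    for line in text.splitlines():
        m = LOGON.match(line)
        if m:
            ts, user, host, event, _status = m.groups()
            if event == "Entered":
                pending.setdefault((user, host), []).append(ts)
            elif pending.get((user, host)):
                pending[(user, host)].pop(0)   # oldest Entered is now answered
            continue
        m = FLAGS.search(line)
        if m:
            domain, got, offered = m.groups()
            flags[domain] = (int(got, 16), int(offered, 16))
    unanswered = {k: v for k, v in pending.items() if v}
    return unanswered, flags

def flag_delta(flags, a, b):
    """Bits negotiated with domain a but not b, and with b but not a."""
    fa, fb = flags[a][0], flags[b][0]
    return fa & ~fb, fb & ~fa

if __name__ == "__main__":
    unanswered, flags = triage(SAMPLE)
    for (user, host), stamps in unanswered.items():
        print(f"no Returns for {user} from {host}, entered at {stamps}")
    only_a, only_b = flag_delta(flags, "CTGDOMAIN", "LIVENT4DOMAIN")
    print(f"only CTGDOMAIN: {only_a:#010x}  only LIVENT4DOMAIN: {only_b:#010x}")
```

The script reports which bits differ between the two sessions but does not interpret them; it assigns no meaning to any individual flag.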