Prev: shadow_copy2 prob? FSCTL..GET..DATA: max_data_count(114) too small (118) bytes needed!
Next: Using the 'WatchSubDirectories' setting in a .NET FileSystemWatcher with a Samba Share
From: Christoph Theis on 6 Feb 2010 07:40 Hello, I don't know if this is the right list to discuss this topic. I have a FreeBSD (virtual) machine running Samba 4 alpha 11 which acts as a AD and another (virtual) machine running Windows 2000 which is a domain member. When a program on the W2k machine calls LookupAccountName to translate an user name to the SID this translates roughly to the following steps: - Setup a SMB session with the credentials of the service account - Call bind to create an unsecure channel - Call lsa_OpenPolicy2 to obtain a policy handle - Call bind again to create a secure channel - Call lsa_QueryInfoPolicy to obtain domain info The last call fails because Samba finds the policy handle but the SID stored with the handle (the SID of the system account) does not match the SID of the lsa_QueryInfoPolicy call (S-1-5-7 aka Anonymous). I don't know what a correct behaviour would be: That the handle does not have any SID stored with it because it was obtained via an unauthenticated call or if the credentials of the bind calls shall be used to secure the channel only and the lsa_QueryInfoPolicy call shall have the credentials from the session setup. If necessary I can file a bug report and / or provide a pcap file. -- Best regards, Christoph mailto:theis.news(a)gmx.at -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |