samba - Oct 1997 - NT domain logon questions

Hi.  Myself and a anti-Micro$oft companion tried to get 
NT domain logons working yesterday and seem pretty close, but
not quite.

Samba is 1.9.18alpha3, server is an Ultra-2 running SunOS 5.5.1.

Encrypted passwords seem to be working, a la smbclient and mostly
from NT, "mostly" because it *seemed* to be working but we did
have some problems with home directories in smbpasswd changing
and smbd not recognizing it.  But that's really of no concern
at the moment :)

When we try to join the domain OURDOM (was NTFREE, now's it NITWIT)
the NT 4 WS hangs for a bit and then says "The domain server could
not be located."

Samba writes a lot of stuff to the log file, and most of it 
really isn't very interesting to me, but the following seemed
like an *error* that didn't seem covered in any of the docs
I've/we've looked at.

5C 50 49 50 45 5C 6C 73   61 72 70 63  0   \PIPE\ls  arpc.
switch message SMBopenX (pid 6706)
Skipping become_user - already user
Opening pipe \PIPE\lsarpc.
Known pipe lsarpc opening.
unix_clean_name [lsarpc]
is_in_path: lsarpc
is_in_path: no name list.
unix_clean_name [lsarpc]
dos_mode: 12 lsarpc
is_in_path: lsarpc
is_in_path: no name list.
dos_mode returning r
10/22/97 17:02:12 error packet at line 146 cmd=45 (SMBopenX) eclass=1 ecode=5
error string = Permission denied


So I guess my only question at the moment would be, "is the above
normal behavior?"  

Hopefully we'll have our logs a little more together soon.  
Thanks for any suggestions anyone might have... we're
so close... yet so far...

- edan

On Thu, 23 Oct 1997, Edan Idzerda wrote:
> 
> Hi.  Myself and a anti-Micro$oft companion tried to get 
> NT domain logons working yesterday and seem pretty close, but
> not quite.
darn :)
 
> Samba is 1.9.18alpha3, server is an Ultra-2 running SunOS 5.5.1.
> When we try to join the domain OURDOM (was NTFREE, now's it NITWIT)
> the NT 4 WS hangs for a bit and then says "The domain server could
> not be located."
yep.
 
> Samba writes a lot of stuff to the log file, and most of it 
> really isn't very interesting to me, but the following seemed
> like an *error* that didn't seem covered in any of the docs
> I've/we've looked at.
um...
 
> 5C 50 49 50 45 5C 6C 73   61 72 70 63  0   \PIPE\ls  arpc.
> switch message SMBopenX (pid 6706)
> Skipping become_user - already user
> Opening pipe \PIPE\lsarpc.
> Known pipe lsarpc opening.
> unix_clean_name [lsarpc]
> is_in_path: lsarpc
> is_in_path: no name list.
> unix_clean_name [lsarpc]
> dos_mode: 12 lsarpc
> is_in_path: lsarpc
> is_in_path: no name list.
> dos_mode returning r
> 10/22/97 17:02:12 error packet at line 146 cmd=45 (SMBopenX) eclass=1
ecode=5
> error string = Permission denied
read the 1.9.18alpha3/docs/NTDOMAIN.txt file, in which it mentions that
you should do: 

	touch /tmp/lsarpc
	touch /tmp/NETLOGON
	touch /tmp/srvsvc

	chmod 666 /tmp/lsarpc
	chmod 666 /tmp/NETLOGON
	chmod 666 /tmp/srvsvc

this is clearly a security risk, i have been told (ln -s /tmp/lsarpc 
/etc/rc.boot/some_file and when running samba, get some_file wiped out) 
so watch out.
 
> 
> So I guess my only question at the moment would be, "is the above
> normal behavior?"  
yep.
 
> Hopefully we'll have our logs a little more together soon.  
> Thanks for any suggestions anyone might have... we're
> so close... yet so far...
what can i say.  oh, yes.  if your domain is only three letters long (e.g
"CB1"), there's a problem with the LSA_QUERYINFOPOLICY response,
which
prevents you from getting "Welcome to the CB1 Domain".  i think. but i
haven't been able to get a packet trace of it, yet.

luke


<a href = "mailto:lkcl@switchboard.net"  > Luke Kenneth Casson
Leighton </a>
<a href = "http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home
Page   </a>
<br><b>   "Apply the Laws of Nature to your environment because
your
           environment applies the Laws of Nature to you"              
</b>