nOn Fri, 7 Nov 1997, Heinrich Rebehn wrote:
> Hi all,
>
> today i tried the NT Domain logon for the first time using
> samba-1.9.18alpha10.
> I had no problem getting the "Welcome to the ANTSMB domain"
message :-))
> and can also login using username and password from smbpasswd.
hooray!!!!
> But after login i first get the message "your roaming profile is
> not available, using a local copy..." and then
oo!
> "D:\WINNT\profiles\rebehn.000\Desktop\I is not accessible.
> The filename directory name or volume label syntax is incorrect"
ok, there's either a bug in the format of the SAM Logon response, _or_
it's using the default location (\\samba_server_\homes\profile)
> If I click on cancel, i get an empty desktop and all i can do is
> press CTRL/ALT/DEL to log out again.
> Some questions:
> 1. Why does NT think i'm using a roaming profile?
because the default configuration options in samba tell it to.
> 2. My user name is rebehn, not rebehn.000
this is a normal problem, even for 1.9.17p4 if you configure your profile
to be stored on a samba server. it can't deal with the time/date stamp
problems, so it creates another copy of your profile, and stores it in
rebehn.000, then rebehn.001, etc.
i think i've seen up to 015 for the guest here at the cafe.......
> 3. in the above error message, the "I" in "\I" looks
strange,
> maybe a garbage character, thus the incorrect syntax.
this is what makes me think that it's a problem with the format of the
SAM Logon response.
>
> Here's my setup:
> - samba-1.9.18alpha10
> - NT 4.0 SP1
> - smb.conf:
> --------------------------------------------------------------------------
> status = yes
> security = user
> encrypt passwords = yes
> load printers = yes
> log level = 1
> log file = /usr/local/samba/var/log.%m
> password level = 2
> read prediction = yes
> socket options = TCP_NODELAY
> valid chars = ö:Ö å:Å ä:Ä
> share modes = yes
> locking = yes
> strict locking = yes
> keepalive = 30
>
> workgroup = ANTSMB
> domain sid = S-1-5-21-123-456-789-123
> domain logons = yes
>
> [homes]
> guest ok = no
> read only = no
> comment = Home Directory
>
> [netlogon]
> comment = Samba Network Logon Service
> path = /usr/local/samba/lib/netlogon
> case sensitive = no
> guest ok = yes
> locking = no
> writable = no
> --------------------------------------------------------------------------
>
> netlogon is empty, do i really need it?
i think it might.
> Samba runs under Linux-2.0.30-pre10 with automount support enabled.
>
> What's even worse: I have just discovered that i can even login with
> no password,
correct: we know that the SAM Logon request contains an rc4 obfuscation
of the Lan Manager and NT 16 byte OWF clear-text-equivalent passwords.
we haven't put password checking in, yet because of ITAR regulations on
rc4, and because we don't quite understand the obfuscation mechanism yet
(i've not been able to test it, yet).
it doesn't matter much anyway: the SAM Logon stuff is completely
independent of the SMB connections.
in other words, while you can do a SAM Logon with your username and no
password, you will *still* need a username and password to connect to
shares on your samba server.
does that make sense to you?
> i accidently hit return, got logged in and even get a
> desktop! Strange....
this copy of the desktop is being downloaded from your local cache.
either that, or the SMB password.
> Any ideas what i've done wrong?
absolutely nothing :) thank you for trying out 18alpha10, and for
reporting your experiences with it. if you happen to have Net Monitor,
i'd appreciate it if you could run it on another NT machine while doing
a SAM login for rebahn, do a "Copy" on the SAM Logon request and
response
packets, and "Paste" to a text file. before sending it to me, change
the
password for the user "rebahn".
i'd like to know that the SAM Logon response packet is well-formed,
according to NetMonitor...
luke
<a href="mailto:lkcl@switchboard.net" > Luke Kenneth Casson
Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home
Page </a>
<br><b> "Apply the Laws of Nature to your environment because
your
environment applies the Laws of Nature to you"
</b>