similar to: site poll.

NT uses proprietary encryption mechanisms to protect passwords and to authenticate users. There is no one source of information on these schemes outside of Microsoft. If anyone has any information on any of the following or any other topics that they would like to see published as a White Paper, please contact lkcl@iss.net. The paper will include as comprehensive a list of these mechanisms as

ok, people, i _really_ need help with this. i estimate that if i work on this full-time it's going to take about... two weeks. i have one volunteer for the samr functions. it's been two days, already, and i'm only half-way through samr. that means, nothing else gets done, and samba-tng current cvs is broken because the _samr_lookup_rids() function goes into an infinite loop on that

rpcclient sound cool. I am running 2.0.6 Samba. 'rpcclient' exists with it but a call to 'man rpcclient' gets no results. Could it be that the man pages are in a later release? Dan dmalcolm@hiwaay.net ----- Original Message ----- From: "Luke Kenneth Casson Leighton" <lkcl@samba.org> To: "Multiple recipients of list SAMBA-NTDOM"

your assistance is needed to crash Windows NT. i have now been working for internet security systems for a year. part of my job is to produce a confidential report to microsoft of any vulnerabilities found in Windows NT. once a fix is available then microsoft releases a report. or if too much time goes by for a serious problem (e.g six months and it's an anonymous denial of service attack)

NOT WANTED On Sun, 30 Nov 1997 samba@samba.anu.edu.au wrote: > SAMBA Digest 1508 > > For information on unsubscribing see http://samba.anu.edu.au/listproc > Topics covered in this issue include: > > 1) How do I use multiple NT password servers > by jurgessj@b1b.ok.boeing.com (John E. Jurgess ) > 2) Re: How do I use multiple NT password servers > by Luke

ftp://samba.org/pub/samba/alpha or mirror sites. this version has security = domain tested and, shock-horror, working. it is possible to do SMB connections with WORKSTATIONNAME\username (wow) and actually, this is _necessary_, because otherwise, how are you going to join it to a domain? :-) :-) as root: samedit -S . -U root% -l log [] createuser root -p rootpassword [] exit samedit -S thepdc

ftp://samba.org/pub/samba/alpha and mirror sites. finally resolved some of the niggling issues that have kept tng from working: in particular, thanks to karl denninger for helping track down "invalid users = root" in the [global] section which stops root from being able to access anything, including being able to add user accounts! tng is now back where it was about 6 weeks ago: -

Hi, there, I put roaming profiles for NT4 users on samba server. In "Domain User Manager", I set "User profile Path" \\abel\profile\%U.pds, here abel is samba server. It works well, but everyday several users complain. Sometime, they cannot login because of roaming profiles. Sometimes, some users cannot run VC or VB. Sometime, I only need to remove ntuser.dat on samba

anyone want to work next to a lake? i went to ntbugtraq / canada day party / conference last month and had a great time meeting interesting peole in a relaxed atmosphere. i thought i'd forward this on to the samba mailing lists as a lot of the people involved with samba have to deal with heavy duty nt environments. luke p.s don't bug russ if you don't cover the job requirements,

recently, netect / bindview posted a review of the syskey system and how the RC4 cypher stream was reset each time. standard RC4 attack analysis shows that XORing two obfuscated passwords together results in the XOR cypher stream dropping out, and you have the two XORed password. further attack analysis can decrypt the passwords. i am looking to implement an equivalent mechanism to SYSKEY,

i'm sorry, i can't remember who the people were who are dealing with setting up some docs etc on profiles. this question i saw on comp.protocols.smb, and i don't think they read the digest.. lukes <a href="mailto:lkcl@switchboard.net" > Luke Kenneth Casson Leighton </a> <a href="http://mailhost.cb1.com/~lkcl"> Samba Consultancy and Support

Content-Description: Undelivered Message From: Luke Kenneth Casson Leighton <lkcl at lkcl.net> To: Damien Miller <djm at mindrot.org> Cc: openssh-unix-dev at mindrot.org, pam-list at redhat.com, SE-Linux <selinux at tycho.nsa.gov>, hartmans at debian.org Subject: Re: Debian / SE/Linux - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193664 Mail-Followup-To: Damien Miller

Noticed that no-one has applied this patch to the current 2.0 tree yet. It does work - I've tested it. Alan. *** srv_lsa.c.old Tue Sep 14 09:09:12 1999 --- srv_lsa.c Tue Sep 14 09:12:19 1999 *************** *** 586,603 **** static BOOL api_lsa_close( uint16 vuid, prs_struct *data, prs_struct *rdata) { ! /* XXXX this is NOT good */ ! size_t i; !

when an nt 4.0 workstation or backup domain controller is joined to a domain, the trust account password is set to a well-known initial value. if you are concerned about internal network security, this is not really an acceptable risk: any captured network traffic can be decoded simply from knowing the name of the workstation, which is contained in the network traffic itself. the initial value

On 8 Dec 1997, Stefan Nehlsen wrote: > Hello, > > is there anybody out there, who is working on NIS+ support for Samba? > > If not I will start with it: > > 1. Making "nis homedir (G)" work with NIS+. if you explain to me how it works, i will look at it. > 2. Mapping the smbpasswd file to a NIS+ table. (Does this really > make sense?) yes it does,

On 16 Dec 1997, Mark Evans wrote: > How do get information on domain logins shown > in the log files, currently all I am getting is > showing of the netlogon share being opened and > closed. see ipc.c: in the NetWkstaUserLogon and / or NetWkstaGetInfo functions, decrease the levels of the DEBUG statements, or add your own. > Whereas it would be usefull to have > successful

i've been examining the DCE/RPC over SMB Trans pipes, and i have to say that i'm quite impressed with the design: my compliments to the NT team. i find it quite an agreeable challenge working out the bits that are (and are not) decoded by NETMON.EXE. there are a couple of niggling things, about which absolutely nothing can be done, but i thought i'd mention them anyway: - the

USE AT YOUR OWN RISK. exactly the same rules apply to the use of rpcclient registry commands as to regedit.exe and regedt32.exe, except more so. obtain from: http://samba.anu.edu.au/cvs.html syntax: rpcclient -S nt_hostname -U username[%passwd] -W domain -l logfile rpcclient now has some _preliminary_ commands which work with HKEY_LOCAL_MACHINE and will in the near future work with HKEY_USERS

ftp://samba.org/pub/samba/alpha and mirror sites. when using domain user map, when logging in and then accessing the samba server, i re-enabled map_nt_and_unix_username() to allow the nt username to be remapped to the unix username / share. i think i also now have the GETDC request with enough correct rules in it to allow all the various spurious combinations to be supported. NT 5 wks now can

ftp://samba.org/pub/samba/alpha and mirrors. due to some confusion about how to use samedit's createuser command, i put a warning / security message in whenever createuser hostname$ is used. it basically says, now you can join the workstation to the domain because you have just set the trust account to the insecure, well-known initial value, and you had best join the workstation to the