Bug 5855 - Failed "wbinfo -t" after "net rpc oldjoin"
Summary: Failed "wbinfo -t" after "net rpc oldjoin"
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.32
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
Depends on:
Reported: 2008-10-27 05:51 UTC by Yasuma Takeda
Modified: 2009-09-03 15:14 UTC (History)
0 users

See Also:

a patch to fix net rpc oldjoin (3.49 KB, patch)
2008-10-27 05:52 UTC, Yasuma Takeda
no flags Details
check the length of opt_user_name variable (454 bytes, patch)
2008-11-03 23:46 UTC, Yasuma Takeda
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuma Takeda 2008-10-27 05:51:53 UTC
Samba 3.0.32, I tried to join by "net rpc oldjoin" for Active Directory for Windows 2000 Server.
It required a password, so I entered return key.

# ./net rpc oldjoin
Password: [Enter]
Could not connect to server WIN2000SRV
The username or password was not correct.
Joined domain WINDOM.

As a result, I succeeded to join. 
But wbinfo -t failed.

# ./wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

I compared samba 3.0.24(no problems) with 3.0.32, and I found 2 problems in samba 3.0.32.

1. connect_to_ipc() is used instead of connect_to_ipc_anonymous() by "net rpc oldjoin".
   Because opt_user_name is not NULL always.

2. NETLOGON_NEG_AUTH2_ADS_FLAGS is used in just_change_password() always.
   I think it should be used NETLOGON_NEG_AUTH2_FLAGS by "net rpc oldjoin". 

I'll attach a patch to fix this issue.
Comment 1 Yasuma Takeda 2008-10-27 05:52:31 UTC
Created attachment 3690 [details]
a patch to fix net rpc oldjoin
Comment 2 Guenther Deschner 2008-10-27 17:48:05 UTC
Looking into this.
Comment 3 Guenther Deschner 2008-10-30 09:44:37 UTC
Ok, this is already fixed in 3-0-test git branch and will be part of 3.0.33.

I just tested and verified.

The correct fix is to use another pwd change function when negotiating support for it (netr_ServerPasswordSet2).

Thanks for reporting.

*** This bug has been marked as a duplicate of 5710 ***
Comment 4 Yasuma Takeda 2008-11-03 23:45:46 UTC
Thanks for your reply.
I'll talk about a minor issue.

When "LOGNAME" variable is NULL, "net rpc oldjoin" requires a password always.
Because the opt_user_name variable is set as "" in main().

   1037         if (!opt_user_name && getenv("LOGNAME")) {
   1038                 opt_user_name = getenv("LOGNAME");
   1039         }
   1041         if (!opt_user_name) {
   1042                 opt_user_name = "";
   1043         }

So, the length of opt_user_name should be checked.
Comment 5 Yasuma Takeda 2008-11-03 23:46:38 UTC
Created attachment 3707 [details]
check the length of opt_user_name variable
Comment 6 Guenther Deschner 2009-09-03 15:14:36 UTC
Ok, that is an annoying effect but we stopped fixing things like this for 3.0.

It is working without prompting in later (supported) versions of Samba.

Closing as wontfix for 3.0.