Samba 3.0.32, I tried to join by "net rpc oldjoin" for Active Directory for Windows 2000 Server. It required a password, so I entered return key. # ./net rpc oldjoin Password: [Enter] Could not connect to server WIN2000SRV The username or password was not correct. Joined domain WINDOM. As a result, I succeeded to join. But wbinfo -t failed. # ./wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) Could not check secret I compared samba 3.0.24(no problems) with 3.0.32, and I found 2 problems in samba 3.0.32. 1. connect_to_ipc() is used instead of connect_to_ipc_anonymous() by "net rpc oldjoin". Because opt_user_name is not NULL always. 2. NETLOGON_NEG_AUTH2_ADS_FLAGS is used in just_change_password() always. I think it should be used NETLOGON_NEG_AUTH2_FLAGS by "net rpc oldjoin". I'll attach a patch to fix this issue.
Created attachment 3690 [details] a patch to fix net rpc oldjoin
Looking into this.
Ok, this is already fixed in 3-0-test git branch and will be part of 3.0.33. I just tested and verified. The correct fix is to use another pwd change function when negotiating support for it (netr_ServerPasswordSet2). Thanks for reporting. *** This bug has been marked as a duplicate of 5710 ***
Thanks for your reply. I'll talk about a minor issue. When "LOGNAME" variable is NULL, "net rpc oldjoin" requires a password always. Because the opt_user_name variable is set as "" in main(). utils/net.c 1036 1037 if (!opt_user_name && getenv("LOGNAME")) { 1038 opt_user_name = getenv("LOGNAME"); 1039 } 1040 1041 if (!opt_user_name) { 1042 opt_user_name = ""; 1043 } 1044 So, the length of opt_user_name should be checked.
Created attachment 3707 [details] check the length of opt_user_name variable
Ok, that is an annoying effect but we stopped fixing things like this for 3.0. It is working without prompting in later (supported) versions of Samba. Closing as wontfix for 3.0.