Trying to join a NetApp2020 (7.2.5.1) to a samba 3.2.4 PDC with ldap backend fails with the following error in log.smbd _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client COMPUTER machine account COMPUTER$ It fails every time no matter if the machine account is first created by hand or not. Reverting back to 3.0.30 the NetApp joins without any problems. Going forward again to 3.2.4 after having copied the *.tdb files from the 3.0.30 release seems to work, at least for now. A password challenge between the NetApp and the PDC has not happened yet so I don't know if it still works after that. Cheers Rob
I found a problem on samba 3.2.8. When a member server will join to samba 3.2.8(PDC) by using "net rpc oldjoin", it fails. 1. I add a machine account on PDC. # smbldap-useradd -w host1 # pdbedit -a -m host1$ 2. I try to join by "net rpc oldjoin" on other machine. I got debug messages on PDC. [2009/02/20 09:34:34, 5] libsmb/credentials.c:creds_step(171) SERVER D02BE47EB59E21B4 [2009/02/20 09:34:35, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0 netr_ServerPasswordSet: struct netr_ServerPasswordSet out: struct netr_ServerPasswordSet return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : d02be47e00000000 timestamp : (time_t)0 result : NT_STATUS_OK [2009/02/20 09:34:35, 10] lib/util.c:dump_data(2235) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 08 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 D0 2B E4 7E 00 00 00 ........ ..+.~... [020] 00 00 00 00 00 00 00 00 00 ........ . "D02BE47EB59E21B4" is input from client. But the response is changed to "d02be47e00000000". It is a reason that "net rpc oldjoin" fails. My patch fixes this problem. And I think NetApp uses the same mechanism as "net rpc oldjoin". source/rpc_server/srv_netlog_nt.c This is wrong place. memcpy(r->out.return_authenticator, &cred_out, sizeof(r->out.return_authenticator)); "sizeof(r->out.return_authenticator)" is 4 on x86. Because it is pointer. It should be "sizeof(struct net_Authenticator)". struct netr_ServerPasswordSet { struct { const char *server_name;/* [unique,charset(UTF16)] */ const char *account_name;/* [charset(UTF16)] */ enum netr_SchannelType secure_channel_type; const char *computer_name;/* [charset(UTF16)] */ struct netr_Authenticator *credential;/* [ref] */ struct samr_Password *new_password;/* [ref] */ } in; struct { struct netr_Authenticator *return_authenticator;/* [ref] */ NTSTATUS result; } out; };
Created attachment 3940 [details] fix response of _netr_ServerPasswordSet
Great catch! I've checked a slightly different form of that patch into all branches. Thanks! Volker