Bug 6470 - ADUC: Impossible to access as local administrator
ADUC: Impossible to access as local administrator
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: Tools
unspecified
All All
: P3 normal
: ---
Assigned To: Andrew Bartlett
Andrew Bartlett
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-13 12:45 UTC by Matthias Dieter Wallnöfer
Modified: 2009-07-08 08:22 UTC (History)
0 users

See Also:


Attachments
Here a wireshark log (13.27 KB, application/octet-stream)
2009-06-19 02:07 UTC, Matthias Dieter Wallnöfer
no flags Details
A logfile of samba at debug level 10 (229.40 KB, application/octet-stream)
2009-06-19 14:41 UTC, Matthias Dieter Wallnöfer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Dieter Wallnöfer 2009-06-13 12:45:13 UTC
Earlier it has been possible, to access ADUC as local administrator if the machine joined the domain and the password was the same as the domain administrator. Now I get an error message saying "Directory service not available". When controlling with Wireshark I notice malformed SASL packages. Could it be that the new Lorikeet Heimdal Kerberos broke something?
The access as domain administrator works painless as before.
Comment 1 Matthieu Patou 2009-06-13 16:55:22 UTC
Have you tested it on a w2k3/w2k8  domain ?
Comment 2 Matthias Dieter Wallnöfer 2009-06-14 13:46:43 UTC
No, since I don't have them available.
But I imagine that SAMBA 4 's behaviour is wrong due a problem with the SASL negotiation (malformed SASL packages).
Comment 3 Andrew Bartlett 2009-06-14 17:41:52 UTC
Access to the wrong domain by the happy coincidence of passwords is not a mode of operation I particularly care to support, unless it is clear we now mis-match windows.

Comment 4 Matthias Dieter Wallnöfer 2009-06-19 02:07:46 UTC
Created attachment 4319 [details]
Here a wireshark log
Comment 5 Matthias Dieter Wallnöfer 2009-06-19 14:41:10 UTC
Created attachment 4331 [details]
A logfile of samba at debug level 10
Comment 6 Matthias Dieter Wallnöfer 2009-06-23 13:53:49 UTC
The behaviour (same username, same password, but only local administrator) is also the same on Windows Server. SAMBA 4 did it right until the latest KERBEROS update and we've to restore it.
Comment 7 Matthias Dieter Wallnöfer 2009-07-08 08:22:12 UTC
The bug has been fixed by commit 57afa1edebe38ea48be5fc074a8284c762e35e17.