PGP SIGNED MESSAGE
Hash: SHA1
This is odd. Running the current 3.0.23 release tree on RHEL3
against a Windows 2003 domain (with the DES keys hotfix) gives:
$ bin/net rpc join -U Administrator%bleaK.er -W CLR
Joined domain CLR.
$ bin/net ads join -U Administrator%bleaK.er -W CLR
Failed to set password for machine account (NT_STATUS_WRNG_PASSWRD)
Failed to join domain!
But both are using the same SetUserInfo(24) call. Both the 'rpc
join' and 'ads join' succeed on SuSE 10.0. I can see anything
that is different between the two.
Anyone got any ideas?
cheers, jerry
Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
XRi/kIeiGHJcmRzipZuvzrs=
=TY
PGP SIGNATURE

PGP SIGNED MESSAGE
Hash: SHA1

Gerald (Jerry) Carter wrote:
This is odd. Running the current 3.0.23 release tree on RHEL3
against a Windows 2003 domain (with the DES keys hotfix) gives:

$ bin/net rpc join -U Administrator%bleaK.er -W CLR
Joined domain CLR.

$ bin/net ads join -U Administrator%bleaK.er -W CLR
Failed to set password for machine account (NT_STATUS_WRNG_PASSWRD)
Failed to join domain!

But both are using the same SetUserInfo(24) call. Both the 'rpc
join' and 'ads join' succeed on SuSE 10.0. I can see anything
that is different between the two.

ok. Looks like 'rpc join' case has a 16 byte session key
while the 'ads join' has an 8 byte session key. Have
have goofed the DES session keys ?

cheers, jerry

Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

VSM+25tbdB1rMkTcjp6HDYI=
=nMDM
PGP SIGNATURE

PGP SIGNED MESSAGE
Hash: SHA1

Gerald (Jerry) Carter wrote:

ok. Looks like 'rpc join' case has a 16 byte session key
while the 'ads join' has an 8 byte session key. Have
have goofed the DES session keys ?

Hmmmso the RC4-HMAC krb5 session setup gives us
a 16 byte session key. That would make sense why it works
on SuSE 10.0.

cheers, jerry

Samba http://www.samba.org
Centeris http://www.centeris.com
"What man is a man who does not make the world better?"
PGP SIGNATURE
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

UzDAJl7i0TrMJ8/IczH+l9U=
=HjZl
PGP SIGNATURE

Thu, Jul 06, 2006 at 08:36:53PM -0500, Gerald (Jerry) Carter wrote:
PGP SIGNED MESSAGE
Hash: SHA1

Gerald (Jerry) Carter wrote:

ok. Looks like 'rpc join' case has a 16 byte session key
while the 'ads join' has an 8 byte session key. Have
have goofed the DES session keys ?

Hmmmso the RC4-HMAC krb5 session setup gives us
a 16 byte session key. That would make sense why it works
on SuSE 10.0.

Wasn't there an old Red Hat patch that truncated
the sesssion key to 8 bytes that we removed

I do seem to remember this. Andrew Bartlett might
remember more.

Jeremy.