From: Christoph Theis on
Hello,

I don't know if this is the right list to discuss this topic.
I have a FreeBSD (virtual) machine running Samba 4 alpha 11 which acts
as an AD and another (virtual) machine running Windows 2000 which is a
domain member. When a program on the W2k machine calls
LookupAccountName to translate a user name to the SID, this translates
roughly to the following steps:

- Set up an SMB session with the credentials of the service account
- Call bind to create an unsecure channel
- Call lsa_OpenPolicy2 to obtain a policy handle
- Call bind again to create a secure channel
- Call lsa_QueryInfoPolicy to obtain domain info

The last call fails because Samba finds the policy handle but the SID
stored with the handle (the SID of the system account) does not match
the SID of the lsa_QueryInfoPolicy call (S-1-5-7 aka Anonymous).

I don't know what a correct behaviour would be: That the handle does
not have any SID stored with it because it was obtained via an
unauthenticated call or if the credentials of the bind calls shall be
used to secure the channel only and the lsa_QueryInfoPolicy call shall
have the credentials from the session setup.

If necessary I can file a bug report and / or provide a pcap file.

--
Best regards,
Christoph mailto:theis.news(a)gmx.at
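
The failure described in this message, as an added example that is not part of the original post and is not Samba's code: a simplified Python model of a policy-handle table that records the SID of the caller who opened the handle, replaying the five steps. The `Server` class, the `bind_sets_identity` switch and the use of S-1-5-18 for "the system account" are assumptions made for illustration; the switch models the two behaviours the message asks about.

```python
from dataclasses import dataclass, field
import itertools

ANONYMOUS_SID = "S-1-5-7"  # from the post
SYSTEM_SID = "S-1-5-18"    # assumption: well-known Local System SID for "the system account"


class AccessDenied(Exception):
    pass


@dataclass
class Server:
    # True: an authenticated bind replaces the caller identity (behaviour reported in the post).
    # False: the bind only protects the channel; calls keep the session-setup identity.
    bind_sets_identity: bool = True
    handles: dict = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=itertools.count)

    def bind(self, session_sid, channel_sid=None):
        """Return the SID that calls on this RPC connection run as."""
        if channel_sid is not None and self.bind_sets_identity:
            return channel_sid
        return session_sid

    def open_policy2(self, caller_sid):
        handle = next(self._ids)
        self.handles[handle] = caller_sid  # the handle remembers who opened it
        return handle

    def query_info_policy(self, caller_sid, handle):
        owner = self.handles.get(handle)
        if owner is None:
            raise AccessDenied("unknown handle")
        if owner != caller_sid:
            raise AccessDenied(f"handle owned by {owner}, call made as {caller_sid}")
        return "domain info"


def replay(server):
    """Replay the five steps from the post, in order."""
    session_sid = SYSTEM_SID                          # 1. SMB session setup (assumed identity)
    first = server.bind(session_sid)                  # 2. bind, unsecure channel
    handle = server.open_policy2(first)               # 3. lsa_OpenPolicy2
    second = server.bind(session_sid, ANONYMOUS_SID)  # 4. bind, secure channel
    try:
        return server.query_info_policy(second, handle)  # 5. lsa_QueryInfoPolicy
    except AccessDenied as exc:
        return f"denied: {exc}"
```
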
