Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building Apple's Samba and missing headers

Very interesting. Evidently, there is was more broken with SAMBA post 10.2.4
Security Update.

Just FYI, I found that the binaries in SAMBA were broken by the 10.2.4 Security
Update, and continue to be broken thru 10.2.6: rcpclient, smbclient, smbspool.

Replacing these binaries with pre-10.2.4 fixes the "NT" authentication issues to
Windows Servers, and allows connecting with smbclient, and printing with smbspool.

Apple has promised to fix this in the 10.3 release.

Gerry Simmons
email@hidden


On Wed, Jun 18 2003 Bill Chin wrote:
>
> On Wednesday, June 18, 2003, at 02:17 PM, Shantonu Sen wrote:
> >
> >> Apparently somewhere along the way PDC functionality in Samba has been
> >> broken (not supported by Apple, but used to work < 10.2.4 or some
> >> security update around that time).
> >
> > Does a diff of the 10.2.4 -> 10.2.6 versions not show the changes?
>
> Apparently it's not the smbd. This used to work in some earlier version
> of Jaguar, definitely in 10.2 but not isolated to the exact package
> that broke the PDC. Symptoms include the inability to join additional
> machines or add users that work - existing users and machines seem
> unaffected. We double checked with a clean 10.2 install, and the PDC
> functionality works. We took the smbd from 10.2 and put it on our
> 10.2.6 machine and it still broken. We took the 10.2.6 smbd and put it
> on the 10.2 machine and it still works. I'm guessing the problem has to
> do with a change in Password Server, not smbd. Unfortunately, that fact
> may may take this issue out of the realm of Darwin.
>
> Anyways, the broken PDC logs a "invalid password length" when I try to
> join a Windows 2k machine to the domain. I don't understand exactly
> what is supposed to happen, but there is something about a 512 byte
> length piece of data that is supposed to be encrypted with, I believe,
> the Adminstrator's (root) password on the client. The server is
> supposed to decrypt it and apply an update to the userinfo record of
> the machine account, but the password length which is the 4 bytes after
> that 512 byte piece of data is incorrect. It is supposed to be a length
> < 128 I believe.
>
-- snip snip --
>
> My hunch is that the hash used by the Password Server is different than
> the one used to generate entries in the smbpasswd, and in PDC mode the
> smbpasswd is still used. But I'm still learning this.
_______________________________________________
darwin-development mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-development
Do not post admin requests to the list. They will be ignored.


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.