Andrew, Could you please elaborate on your ACCESS_DENIED/viud comment? Does "odd" mean my answers don't make sense or does it mean that the behavior is not supposed to happen like this? (or both)
Also, am I correct in assuming that your suggestion to try w/ 3.0.3rc1 means that: a) My setup looks OK and/or b) 3.0.2a has some known issues? If 3.0.2a is suspected or known to exhibit this problem, I'd be happy to plough through another source build but it's a big enough effort that I'd really like to solve the problem w/ the current production release if at all possible. As soon as I get your reply, I'll build up the test scenario. Adrian Message from "Andrew Bartlett" <[EMAIL PROTECTED]> , received on 4/22/04 1:50 AM: > On Sat, 2004-04-17 at 03:31, Adrian Newby wrote: >> Hello experts, >> >> I¹ll try and keep this brief but detailed (if that¹s possible.). I¹m sure >> I >> don¹t understand the technologies sufficiently but I believe I¹m seeing >> counter-intuitive behavior with my Samba 3 setup. What I want is nice, >> tight Win 2K3 security. What I¹ve got is ADS integration, including domain >> user authentication using winbind, but I can¹t get the security level right. >> >> Problem summary: >> ---------------------- >> Samba 3.0.2a on Solaris 9 is configured with ADS security. >> Lanman and NTLM authentication is prohibited. >> Clients requesting NTLMv2 authentication result in NT_STATUS_ACCESS_DENIED, >> even though the log suggests authentication is successful. >> Clients requesting NTLM authentication are accepted and authenticated. >> Also, cannot establish initial SMB session when packet signing enforced. >> (log not provided) > > Try all this with a current subversion checkout, or 3.0.3rc1. > > The ACCESS_DENIED is because the tree connect appears not to have a > valid vuid (the token returned by a session setup), which is most odd.. > > Andrew Bartlett --------------------------------- Adrian Newby Chief Technology Officer Prudent Rx Inc. 100 Corporate Pointe, Suite 395 Culver City, CA 90230 P: +1 (310)642-1700 x124 F: +1 (310)642-1701 e: [EMAIL PROTECTED] **Notice of Confidentiality** The information contained in this e-mail message is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copy of the communication is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
