Re: [Samba] \System32\GroupPolicy named pipe?
On Sun, Dec 01, 2002 at 11:48:34AM +1100, Andrew Bartlett wrote: On Sun, 2002-12-01 at 08:08, Jason Spence wrote: Hi - I'm using samba to connect some windows boxen to a distributed set of unix machines. I'm trying to unify some of the administrative interfaces via mmc, specifically the group policy stuff. When I try to use the Group Policy snap-in to connect to my samba 2.2.1 servers, I see the windows box do a Tree Connect Andx to ADMIN$\System32\GroupPolicy, and then the samba box responds with 0x0004, permission denied. Then the windows box goes and tries to create ADMIN$\System32, which also fails. I have sniffer dumps of the exchange here (libpcap format, use Ethereal to open): http://lightconsulting.com/~thalakan/gpdump.cap A comparitive capture of what Win2k does could be useful here. Actually, 172.16.0.254 in that capture is the Win2k SP3 box. -- - Jason Currently at: Home (Fremont, CA) (Partly Cloudy) Avoid Quiet and Placid persons unless you are in Need of Sleep. -- National Lampoon, Deteriorata -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] \System32\GroupPolicy named pipe?
On Sun, Dec 01, 2002 at 12:25:40PM +1100, Andrew Bartlett wrote: Just a clarification: You can do IPC operations on disk shares, and some domain clients use ADMIN$ for the IPC part of the domain join. As Samba doesn't want to provide a 'disk' share that admins can't control, it maps it as an IPC share. If I taught samba how to deal with a ADMIN$ share which defined a path = XXX while at the same time keeping the IPC functionality, would that violate any assumptions other code has? You make it sound like it might be a security risk too... -- - Jason Currently at: Home (Fremont, CA) (Partly Cloudy) Caution: breathing may be hazardous to your health. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] \System32\GroupPolicy named pipe?
Hi - I'm using samba to connect some windows boxen to a distributed set of unix machines. I'm trying to unify some of the administrative interfaces via mmc, specifically the group policy stuff. When I try to use the Group Policy snap-in to connect to my samba 2.2.1 servers, I see the windows box do a Tree Connect Andx to ADMIN$\System32\GroupPolicy, and then the samba box responds with 0x0004, permission denied. Then the windows box goes and tries to create ADMIN$\System32, which also fails. I have sniffer dumps of the exchange here (libpcap format, use Ethereal to open): http://lightconsulting.com/~thalakan/gpdump.cap Poking around in the samba source code, it looks like ADMIN$ is aliased to IPC$, but the System32 named pipe isn't created anywhere. Does anyone have any thoughts on implementing this and whatever associated protocol is necessary to modify server-side group policies over it? -- - Jason Currently at: Home (Fremont, CA) (Partly Cloudy) Everything journalists write is true, except when they write about something you know. -- Dag-Erling Smorgrav, June 1999, FreeBSD-Stable Mailing List -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba