Hi folks, I've been digging around a problem I've had recently where an NT4 PDC is refusing to give me password hashes. Everything else from a samsync run appears ok, just that the password hashes are missing. I've tried to build an identical virtual machine, but can't figure out what's causing the problem. The network in question doesn't currently have a BDC, so I've not been able to verify that it's solely a Samba problem, either. However, I have turned up some (potentially) interesting stuff; in performing a samsync, NT4 compares with Samba as follows:
NT4 PDC/NT4 BDC, traffic from BDC->PDC * Negotiated Protocol level is 7 * Setup AndX and Tree Connect are in one packet (chained together as permitted by AndX). Anonymous user used. * NT Create AndX, path = \\netlogon Security Tracking mode is dynamic * DCE bind to NETLOGON pipe callid = 0 No packet flags set Auth data filled in: auth type = NETLOGON Secure Channel (0x68) auth level = Packet security (0x06) auth credentials include null-terminated Domain and PDC strings. * Further traffic is encrypted based on the auth data NT 4 PDC/Samba BDC, traffic from BDC->PDC * Negotiated Protocol level is 8 * Separate Setup and Tree Connect AndX's Anonymous user used. * NT Create AndX, path = \\netlogon Security tracking mode is dynamic * DCE bind to NETLOGON pipe callid = 1 First and Last frag flags set No auth data * Further traffic appears to be entirely in the clear, but ethereal had trouble decoding it. I'm not sure which, if any, of the above differences would be caused by the different negotiated protocols - in fact, I'd expect level 8 to be more secure than level 7, from what little I understand of the protocol levels. I've also looked at the code that creates DCE packets and there doesn't, at present, appear to be an easy way to signal that the auth data should be activated - it's currently keyed off the Sign/Seal stuff that Andrew was working on, and the auth data is fixed length and fixed type (0x0a). Anyway, I'm going to have to run up a BDC on the "real" network to determine if any of the above explains why I can't get password hashes from the PDC. If anyone has clues to throw me, feel free :) Cheers, Waider. PS as ever, this is Samba HEAD, and NT4 SP6 + all Windows Update patches -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. "anyplace where you cannot feel cold shall hold you in its arms forever." - Corprew Reed