[cifs-protocol] RE: 600169 - RE: DCE/RPC
PFC_SUPPORT_HEADER_SIGN not optional
Richard Guthrie
rguthrie at microsoft.com
Wed Sep 3 22:55:25 GMT 2008
Stefan,
The traces you sent seems to show a correct security context negotiation but something is failing when we go to use that context which is why we see RPC_NT_SEC_PKG_ERROR. I would like to start with getting some more detailed error info from the windows machine by doing the following:
Enabling Extended Error Information. You can do this by following the steps in this msdn article http://msdn.microsoft.com/en-us/library/aa373803(VS.85).aspx and taking a network capture again. This is going to add some additional information in the response that will lead us to a more precise error message. If you can send me that trace with the associated keytab file, I can get further into what the problem is.
Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted
-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Friday, August 15, 2008 1:36 AM
To: Andrew Bartlett
Cc: Richard Guthrie; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] RE: 600169 - RE: DCE/RPC PFC_SUPPORT_HEADER_SIGN not optional
Hi,
I managed to implement working code that does header signing, with des, arcfour and aes keys. See my feaeture branch at
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=v4-0-aes3
However it only works with windows 2008 and auth type 16 (kerberos) and it doesn't work with auth type 9 (kerberos via spnego).
(Windows 2003 shows the same behavior)
See the attached captures.
metze
More information about the cifs-protocol
mailing list