[cifs-protocol] RE: Regarding [MS-KILE] 3.4.5.1 Three-Leg DCE-Style
Mutual Authentication
Andrew Bartlett
abartlet at samba.org
Sat Aug 9 02:02:34 GMT 2008
On Fri, 2008-08-08 at 11:07 -0700, John Dunning wrote:
> Hello Andrew,
> I've received feedback from the Product team and they are requesting additional clarification. To start with I would like to insure we understand the issue.
>
> We understand the problem to be the following, please let me know if this is not correct.
>
> The behavior SAMBA is seeing is Client authenticates to Server using KILE and the following occurs:
> 1. Client sends RFC std AP_REQ to server
> 2. Server sends RFC std AP_REP to client
> in this message the sequence number is n
> 3. Client sends AP_Rep to server
> in this message the sequence number is n in XP and n+1 in Vista only when AES is used
Metze:
You seemed to finally get this all working, was the sequence number a
red herring, or did we still need a special case there?
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Please clarify what GSSAPI you are using. From the Product team's
> investigation they don't see a difference in behavior with AES. They
> are also requesting possible repro steps and Kerberos logs.
We use a patched version of Heimdal. Having Vista join Samba4 is the
base case we were working on, but metze will be able to clarify the
current status.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080809/523bb219/attachment.bin
More information about the cifs-protocol
mailing list