[cifs-protocol] RE: Regarding [MS-KILE] 184.108.40.206 Three-Leg DCE-Style
johndun at microsoft.com
Fri Aug 15 15:52:34 GMT 2008
Do you have any new status for this? Have you determined if this is still a problem for you?
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, August 08, 2008 9:03 PM
To: metze at samba.org
Cc: pfif at tridgell.net; cifs-protocol at samba.org; John Dunning
Subject: RE: Regarding [MS-KILE] 220.127.116.11 Three-Leg DCE-Style Mutual Authentication
On Fri, 2008-08-08 at 11:07 -0700, John Dunning wrote:
> Hello Andrew,
> I've received feedback from the Product team and they are requesting additional clarification. To start with I would like to insure we understand the issue.
> We understand the problem to be the following, please let me know if this is not correct.
> The behavior SAMBA is seeing is Client authenticates to Server using KILE and the following occurs:
> 1. Client sends RFC std AP_REQ to server
> 2. Server sends RFC std AP_REP to client
> in this message the sequence number is n
> 3. Client sends AP_Rep to server
> in this message the sequence number is n in XP and n+1 in Vista only when AES is used
You seemed to finally get this all working, was the sequence number a
red herring, or did we still need a special case there?
> Please clarify what GSSAPI you are using. From the Product team's
> investigation they don't see a difference in behavior with AES. They
> are also requesting possible repro steps and Kerberos logs.
We use a patched version of Heimdal. Having Vista join Samba4 is the
base case we were working on, but metze will be able to clarify the
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
More information about the cifs-protocol