[cifs-protocol] RE: LSA LookupSids 3
johndun at microsoft.com
Fri Aug 29 20:32:55 GMT 2008
I have reviewed the network capture and it clearly shows what you are describing. The reason that the msprc fault occurred in Frame 1695 is that there is no Authverifier information in the LSARPC:LsarLookupSids3 Request in Frame 1694. Looking at a successful LSARPC:LsarLookupSids3 Request in a different capture I see that the Authverifier field is present. This field contains the RPC_C_AUTHN_NETLOGON and the RPC_C_AUTHN_LEVEL_INTEGRITY information. I am theorizing that the Authverifier field is missing in your trace because there was not a RPC Bind exchange prior to this request.
My source code investigation indicates that if the Authverifier field is present that the server will behave as described in MS-LSAT 126.96.36.199. When the Authverifier field is absent then it will lead to an msrpc Fault of access denied.
Is it the intention of your test to determine what would happen when a LSARPC:LsarLookupSids3 Request is made when there is no Authverifier information present?
PS: I looked into your question about running your test suites. I found out that some of the Interop folks have an instance of your Samba 4 running as a DC and that some of the SMBTorture tests have been run against it. More information in this area should be forthcoming.
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, August 25, 2008 5:44 PM
To: John Dunning
Cc: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: LSA LookupSids 3
On Mon, 2008-08-25 at 09:59 -0700, John Dunning wrote:
> Hello Andrew,
> I will be looking into this for you. How did you arrive at this conclusion? Do you have a network trace that shows this behavior?
Samba4's RPC-LSA test shows this behaviour (capture attached)
Are we any closer to you being able to run the tests yourself?
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol