[cifs-protocol] RE: LSA LookupSids 3
abartlet at samba.org
Fri Aug 29 21:59:38 GMT 2008
On Fri, 2008-08-29 at 13:32 -0700, John Dunning wrote:
> Hello Andrew,
> I have reviewed the network capture and it clearly shows what you
> are describing. The reason that the msprc fault occurred in Frame 1695
> is that there is no Authverifier information in the
> LSARPC:LsarLookupSids3 Request in Frame 1694. Looking at a successful
> LSARPC:LsarLookupSids3 Request in a different capture I see that the
> Authverifier field is present. This field contains the
> RPC_C_AUTHN_NETLOGON and the RPC_C_AUTHN_LEVEL_INTEGRITY information.
> I am theorizing that the Authverifier field is missing in your trace
> because there was not a RPC Bind exchange prior to this request.
Well, you have the full trace - see the RPC bind in packet 22
> My source code investigation indicates that if the Authverifier field
> is present that the server will behave as described in MS-LSAT
> 18.104.22.168. When the Authverifier field is absent then it will lead to an
> msrpc Fault of access denied.
We have connected with level 'connect', which does not have an
authentication verifier. All previous packets (prepared similarly) are
processed. Why is this call different?
> Is it the intention of your test to determine what would happen when a
> LSARPC:LsarLookupSids3 Request is made when there is no Authverifier
> information present?
The intention of this test is to run over all the calls, and test each
one. We were expecting an error code of
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED or NT_STATUS_ACCESS_DENIED. Getting
an RPC fault was most unexpected. Perhaps there is there a way certain
calls are marked in the IDL as to cause this behaviour?
> PS: I looked into your question about running your test suites. I
> found out that some of the Interop folks have an instance of your
> Samba 4 running as a DC and that some of the SMBTorture tests have
> been run against it. More information in this area should be
That part is easy - do they have smbtorture running against Windows
servers, or your tests running against Samba?
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080830/53e64065/attachment.bin
More information about the cifs-protocol