[cifs-protocol] Clarify reserved bytes that are in fact used in LogonSamLogonEx response

Andrew Bartlett abartlet at samba.org
Fri Jul 24 00:37:19 MDT 2009


On Mon, 2009-07-20 at 22:00 +1000, Andrew Bartlett wrote:
> G'day,
> 
> My friend in Samba development Matthieu has been chasing down small but
> possibly significant differences between Samba4 and Windows.  He is
> puzzled by the following, and we wondered if you might be able to shed
> some light on the matter.

I've reproduced the problem locally, and attach the sniffs of the
network behaviour.

This is being tracked in Samba bug:

https://bugzilla.samba.org/show_bug.cgi?id=6273


The traces include:

samba4-to-win2008-failure:
 an NTLM login attempt, an attempt to use Samba's own SPNEGO libraries
(which are faulty)

samba4-to-win2008-failure-gensec_spnego:
 a Kerberos login attempt using Heimdal's SPNEGO code

This shows that the problem is not just in NTLM logins, but perhaps in
the PAC/info3 reply.  Is some kind of per-user licensing thing tied up
here?  I've tried to up the number of users permitted to access the
share, without success.

If you need any assistance setting up Samba4 to reproduce this, I am
more than willing to assist.

The commands I used were:
bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kno
bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes
bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes --option=gensec:spnego=no --option=gensec:gssapi_spnego=yes

Also see the attached patch to Samba4 rev
d005e4dabb396607d959ece8da3c649797d59d44 to make the last command work. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba4-to-win2008-failure.cap
Type: application/octet-stream
Size: 14576 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090724/bafb7a2f/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba4-to-win2008-failure-gssapi_spengo.cap
Type: application/octet-stream
Size: 12902 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090724/bafb7a2f/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-gssapi_spengo.patch
Type: text/x-patch
Size: 617 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090724/bafb7a2f/attachment-0001.bin>