[cifs-protocol] backup key protocol with RODC
Matthieu Patou
mat at samba.org
Mon Sep 27 17:49:19 MDT 2010
Hi Hongwei,
Following the talk we had on the RODC interaction with backup key
protocol here is the output of my torture test:
mat at ares:/usr/local/src/samba4/source4$ ./bin/smbtorture
ncacn_np:10.0.1.14[seal] RPC-BACKUPKEY -U W2K8R2\\administrator%P at ssw0rd
Using seed 1285628841
...
test: backupkey.restore_guid
time: 2010-09-28 03:07:21.829996
error while loading the cert
time: 2010-09-28 03:07:21.881711
error: backupkey.restore_guid [
Unknown error/failure
]
This test is the full restore (1: get the cert, 2: send a description
request), it seems that I have to add more tests to my torture to catch
errors, but basically it boils down to an unable to get the server
public key as the next test will show
test: backupkey.retreive_backup_key_guid
time: 2010-09-28 03:07:21.881771
No seal or sign ? 0
time: 2010-09-28 03:07:21.882311
failure: backupkey.retreive_backup_key_guid [
../torture/rpc/backupkey.c:86: r.out.result was WERR_INVALID_PARAM,
expected WERR_OK: Wrong dce/rpc error code
]
This is the test for getting the server public key (well the cert).
If you can tell me what's happening at a higher level (== DPAPI) I would
be quite interested.
Thanks.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bkrp_w2k8r2_rodc_torture.pcap
Type: application/cap
Size: 287777 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20100928/fd4a735d/attachment-0001.pcap>
More information about the cifs-protocol
mailing list