[cifs-protocol] backup key protocol with RODC

Matthieu Patou mat at samba.org
Mon Sep 27 17:49:19 MDT 2010


  Hi Hongwei,

Following the talk we had on the RODC interaction with the backup key 
protocol, here is the output of my torture test:


mat@ares:/usr/local/src/samba4/source4$ ./bin/smbtorture ncacn_np:10.0.1.14[seal] RPC-BACKUPKEY -U W2K8R2\\administrator%P@ssw0rd
Using seed 1285628841
...
test: backupkey.restore_guid
time: 2010-09-28 03:07:21.829996
error while loading the cert
time: 2010-09-28 03:07:21.881711
error: backupkey.restore_guid [
Unknown error/failure
]

This test is the full restore (1: get the cert, 2: send a description 
request). It seems that I have to add more tests to my torture to catch 
errors, but basically it boils down to being unable to get the server 
public key, as the next test will show.

test: backupkey.retreive_backup_key_guid
time: 2010-09-28 03:07:21.881771
No seal or sign ? 0
time: 2010-09-28 03:07:21.882311
failure: backupkey.retreive_backup_key_guid [
../torture/rpc/backupkey.c:86: r.out.result was WERR_INVALID_PARAM, 
expected WERR_OK: Wrong dce/rpc error code
]

This is the test for getting the server public key (well, the cert).

If you can tell me what's happening at a higher level (== DPAPI) I would 
be quite interested.

Thanks.

Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org


-------------- next part --------------
A non-text attachment was scrubbed...
Name: bkrp_w2k8r2_rodc_torture.pcap
Type: application/cap
Size: 287777 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20100928/fd4a735d/attachment-0001.pcap>

