[cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel

Michael B Allen ioplex at gmail.com
Tue Jul 5 06:45:25 MDT 2011


On Tue, Jul 5, 2011 at 12:01 AM, Moh Yen Liew <mohyen.liew at wesoft.com> wrote:
> Hi Mike:
>   According to MS-NRPC pg 111, bit 17 (indicated as bit R) of the negotiable flags is actually referring to "supports the NetrServerPasswordSet2 functionality".

Page numbers are probably not going to line up well and I think you're
counting bits from the opposite direction, but my (arguably very
old) copy of [MS-NRPC] shows bit 17 (indicated as bit 'O') of
NegotiateFlags in NetrServerAuthenticate3 described as:

  "Supports strong keys. Added in Windows 2000 Server and supported in
Windows XP, Windows Server 2003, Windows Vista, and Windows Server
2008."

I have no idea what this bit really does but Wireshark describes it as
"AES & SHA2 supported: Not set" and it's off in your capture.

Mike

> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Tuesday, July 05, 2011 3:43 AM
> To: Moh Yen Liew
> Cc: cifs-protocol at cifs.org
> Subject: Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel
>
> On Sun, Jul 3, 2011 at 8:47 PM, Moh Yen Liew <mohyen.liew at wesoft.com> wrote:
>> Hi:
>>
>> I am trying to implement AES-based Netlogon SChannel with a
>> Windows 2k8R2 server.
>>
>> However, the server always returns a 0x00721 status code to me.
> <snip>
>> Please see the attached network trace:
>>
>> - pkt 531, which contains the encrypted data
>>
>> - pkt 532, in which the server returns the 0x721 status code.
> <snip>
>> If AES is negotiated, decrypt using an initialization vector
>> constructed by concatenating twice the sequence number (thus getting 16
>> bytes of data)
>
> Hi Yen,
>
> Is bit 17 in NegotiateFlags of NetrServerAuthenticate3 supposed to be
> off like it is in your capture?
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
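Editor's added example, not code from Mike, Yen or the thread: the sealing step the quoted [MS-NRPC] sentence describes, with both sides of it (client seals, server unseals and verifies), so the IV construction can be checked against a working implementation. It assumes AES was negotiated (NegotiateFlags 0x01000000, NETLOGON_NEG_SUPPORTS_AES in Samba's netlogon.idl) and that the 16-byte session key has already been derived. The parts beyond that one sentence are not from this thread: the seal key being the session key XORed with 0xf0, the 0x0013/0x001A header values, the sequence number being encrypted with the plain session key under an IV of the checksum concatenated twice, and the sequence-number byte layout follow MS-NRPC 3.3.4.2.1 as Samba's schannel code implements it; the confounder and payload are run through one continuous CFB8 stream, which is how Samba chains them. AES-128 is implemented inline so the block needs no third-party library. Session key, counter, confounder and payload are constructed values, not taken from the capture.

```python
import hashlib
import hmac

# --- Minimal AES-128 block cipher (FIPS-197), inline so the example has no third-party dependency ---
def _make_sbox():
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF             # p *= 3 in GF(2^8)
        q ^= (q << 1) & 0xFF; q ^= (q << 2) & 0xFF; q ^= (q << 4) & 0xFF     # q /= 3, so p*q == 1
        if q & 0x80: q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63  # affine map
        if p == 1: break
    sbox[0] = 0x63
    return sbox

SBOX = _make_sbox()
def _xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]      # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r * 4:r * 4 + 4], []) for r in range(11)]

def aes128_encrypt_block(round_keys, block):
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]      # ShiftRows (state is column-major)
        if rnd != 10:                                           # MixColumns, skipped in the last round
            mixed = []
            for c in range(0, 16, 4):
                a = s[c:c + 4]
                t = a[0] ^ a[1] ^ a[2] ^ a[3]
                mixed += [a[i] ^ t ^ _xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
            s = mixed
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]         # AddRoundKey
    return bytes(s)

def aes128_cfb8(key, iv, data, encrypt):
    """AES-128 in 8-bit CFB mode: one block encryption per byte, the IV acts as a shift register."""
    rk, reg, out = _expand_key(key), bytes(iv), bytearray()
    for b in data:
        c = b ^ aes128_encrypt_block(rk, reg)[0]
        out.append(c)
        reg = reg[1:] + bytes([c if encrypt else b])           # shift in the ciphertext byte
    return bytes(out)

# --- Netlogon signature token with AES negotiated (MS-NRPC 3.3.4.2.1 / 3.3.4.2.2, per Samba) ---
HEADER = b"\x13\x00\x1a\x00\xff\xff\x00\x00"   # HMAC-SHA256 sign (0x0013), AES-CFB8 seal (0x001A), pad, flags
def _seq_bytes(counter, from_client):
    # 32-bit counter big-endian, then 0x80 in the fifth byte when the client is the sender (Samba's layout)
    return counter.to_bytes(4, "big") + (b"\x80" if from_client else b"\x00") + b"\x00" * 3
def _checksum(session_key, confounder, data):
    # HMAC-SHA256 over header || confounder || data, keyed with the session key, truncated to 8 bytes
    return hmac.new(session_key, HEADER + confounder + data, hashlib.sha256).digest()[:8]

def netlogon_aes_seal(session_key, counter, from_client, confounder, data):
    """Sender side: return (32-byte signature token, sealed payload)."""
    checksum = _checksum(session_key, confounder, data)
    seq_num = _seq_bytes(counter, from_client)
    # Seal key = session key XOR 0xf0; IV = the 8-byte sequence number concatenated twice (16 bytes).
    # Confounder and payload are one continuous CFB8 stream, confounder first.
    seal_key = bytes(b ^ 0xF0 for b in session_key)
    sealed = aes128_cfb8(seal_key, seq_num + seq_num, confounder + data, encrypt=True)
    # The sequence number itself is encrypted with the plain session key and IV = checksum twice.
    enc_seq = aes128_cfb8(session_key, checksum + checksum, seq_num, encrypt=True)
    return HEADER + enc_seq + checksum + sealed[:8], sealed[8:]

def netlogon_aes_unseal(session_key, counter, from_client, token, sealed_data):
    """Receiver side: recover the sequence number, decrypt, then verify the checksum."""
    enc_seq, checksum, enc_conf = token[8:16], token[16:24], token[24:32]
    if token[:8] != HEADER:
        raise ValueError("unexpected signature/seal algorithm header")
    seq_num = aes128_cfb8(session_key, checksum + checksum, enc_seq, encrypt=False)
    if seq_num != _seq_bytes(counter, from_client):
        raise ValueError("sequence number mismatch")
    seal_key = bytes(b ^ 0xF0 for b in session_key)
    plain = aes128_cfb8(seal_key, seq_num + seq_num, enc_conf + sealed_data, encrypt=False)
    confounder, data = plain[:8], plain[8:]
    if not hmac.compare_digest(_checksum(session_key, confounder, data), checksum):
        raise ValueError("checksum mismatch")
    return data

# Constructed test values; none of them come from the capture discussed in the thread.
SESSION_KEY = bytes(range(0x10, 0x20))
CONFOUNDER = bytes.fromhex("0011223344556677")
PAYLOAD = b"NetrLogonSamLogonEx request body"
def roundtrip():
    token, sealed = netlogon_aes_seal(SESSION_KEY, 1, True, CONFOUNDER, PAYLOAD)
    return netlogon_aes_unseal(SESSION_KEY, 1, True, token, sealed)
```

Two things worth checking against a capture with this in hand: the sequence number in the token is not the raw counter but its encryption under the session key with the checksum as IV, so a receiver that decrypts it with the wrong IV will see a mismatch before it ever looks at the payload; and because the confounder is the first 8 bytes of the same CFB8 stream as the payload, a sealing implementation that restarts the cipher between the two produces a payload the peer cannot decrypt even though its IV is built correctly.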