[cifs-protocol] encryption key for NetrLogonSamLogonEx

Matthieu Patou mat at samba.org
Sat Feb 11 16:40:39 MST 2012

Hello Dochelp,

A bug report concerning user's session key was reported in samba when 
using level 3 validation for NetrLogonSamLogonEx.

I did a bit of investigation and witnessed the corruption if we use 
level 3 validation for NetrLogonSamLogonEx and if samba opens more than 
1 schannel connection with one DC and is not using the session key of 
the latest connection for decrypting the user's session key (and other 
encrypted fields) in the Validation 3 response.

I checked that samba is using the same key for encrypting and decrypting 
schannel and sensitive fields in the validation 3 response of the 
NetrLogonSamLogonEx call.

MS-NRPC seems to indicate that the session key should be the same and I 
didn't find a trace in the documentation saying that only the latest 
session key exchanged during a NetrAuthenticateX and what seems even 
more puzzeling is that using the "old" session key for schannel 
encryption and decryption works.

Can you explain us the problem ?

I can do TTTrace as the problem is highly reproducible.


Matthieu Patou
Samba Team

More information about the cifs-protocol mailing list