[cifs-protocol] encryption key for NetrLogonSamLogonEx

Edgar Olougouna edgaro at microsoft.com
Mon Feb 13 11:29:27 MST 2012

[Dochelp to bcc]


This issue is being tracked as case 112021212002899. An acknowledgement has been sent as well. 
One of our teammates will follow-up with you soon.


-----Original Message-----
From: Darryl Welch 
Sent: Monday, February 13, 2012 12:17 PM
To: Interoperability Documentation Help
Cc: mat at samba.org
Subject: FW: encryption key for NetrLogonSamLogonEx

It looks like Matt received an NDR when attempting to send this request to Dochelp. 

-----Original Message-----
From: Matthieu Patou [mailto:mat at samba.org] 
Sent: Saturday, February 11, 2012 3:41 PM
To: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: encryption key for NetrLogonSamLogonEx

Hello Dochelp,

A bug report concerning user's session key was reported in samba when using level 3 validation for NetrLogonSamLogonEx.

I did a bit of investigation and witnessed the corruption if we use level 3 validation for NetrLogonSamLogonEx and if samba opens more than
1 schannel connection with one DC and is not using the session key of the latest connection for decrypting the user's session key (and other encrypted fields) in the Validation 3 response.

I checked that samba is using the same key for encrypting and decrypting schannel and sensitive fields in the validation 3 response of the NetrLogonSamLogonEx call.

MS-NRPC seems to indicate that the session key should be the same and I didn't find a trace in the documentation saying that only the latest session key exchanged during a NetrAuthenticateX and what seems even more puzzeling is that using the "old" session key for schannel encryption and decryption works.

Can you explain us the problem ?

I can do TTTrace as the problem is highly reproducible.


Matthieu Patou
Samba Team

More information about the cifs-protocol mailing list