[cifs-protocol] [REG:112021212002899] encryption key for NetrLogonSamLogonEx

Obaid Farooqi obaidf at microsoft.com
Wed Feb 15 10:06:15 MST 2012

Hi Matthieu:
Yes, please send me the ttt traces and more details about the problem. Your email did not give me a good grasp of the issue.

Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

From: Matthieu Patou
Sent: 2/11/2012 5:40 PM
To: Interoperability Documentation Help; pfif at tridgell.net<mailto:pfif at tridgell.net>; cifs-protocol at samba.org<mailto:cifs-protocol at samba.org>
Subject: [cifs-protocol] encryption key for NetrLogonSamLogonEx
Hello Dochelp,

A bug report concerning user's session key was reported in samba when
using level 3 validation for NetrLogonSamLogonEx.

I did a bit of investigation and witnessed the corruption if we use
level 3 validation for NetrLogonSamLogonEx and if samba opens more than
1 schannel connection with one DC and is not using the session key of
the latest connection for decrypting the user's session key (and other
encrypted fields) in the Validation 3 response.

I checked that samba is using the same key for encrypting and decrypting
schannel and sensitive fields in the validation 3 response of the
NetrLogonSamLogonEx call.

MS-NRPC seems to indicate that the session key should be the same and I
didn't find a trace in the documentation saying that only the latest
session key exchanged during a NetrAuthenticateX and what seems even
more puzzeling is that using the "old" session key for schannel
encryption and decryption works.

Can you explain us the problem ?

I can do TTTrace as the problem is highly reproducible.


Matthieu Patou
Samba Team

cifs-protocol mailing list
cifs-protocol at cifs.org<mailto:cifs-protocol at cifs.org>


Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement<http://go.microsoft.com/fwlink/?LinkId=81184> for more information.

The above is an email for a support case from Microsoft Corp.
REPLY ALL TO THIS MESSAGE or INCLUDE casemail at microsoft.com<mailto:casemail at microsoft.com>
IN YOUR REPLY if you want your response added to the case automatically.
For technical assistance, please include the Support Engineer on the TO: line.
Thank you.(*634649223749922356*)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120215/9c0860e5/attachment.html>

More information about the cifs-protocol mailing list