[cifs-protocol] Protocol changes in KB2992611 [115012312316449]

Andrew Bartlett abartlet at samba.org
Tue Feb 3 10:43:27 MST 2015 

On Tue, 2015-02-03 at 15:37 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> I am trying to reproduce the issue. So far I am unsuccessful. 

That is very odd.

> From the posts you mentioned, the credentials manager does not open if
> a windows 8.1 machine is joined to Samba domain and kb2992611 is
> applied? Just want to confirm I got this right.

Strictly, what we tested was all updates or Dec 2014 Update DVD vs no
updates.  The users narrowed it down to this KB however.  This is Samba
as an AD DC.

> I am using Samba 4.1.6 that Ubuntu installs.

We reproduced with git master, but the customer and users reporting are
running sernet-samba-4.1.11-9.el6.x86_64 on CentOS 6.5 and 4.2rc3
respectively.  

Thanks,

Andrew Bartlett

> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com
> 
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Monday, February 2, 2015 8:42 PM
> To: Obaid Farooqi
> Cc: MSSolve Case Email; cifs-protocol at samba.org
> Subject: Re: [cifs-protocol] Protocol changes in KB2992611 [115012312316449]
> 
> On Tue, 2015-01-27 at 15:55 +1300, Andrew Bartlett wrote:
> > I've got into our server with the (presumably) failing packet.  The 
> > client appears to have started requiring that BACKUPKEY_BACKUP_GUID, 
> > ie the ServerWrap protocol 7f752b10-178e-11d1-ab8f-00805f14db40 
> > actually work (we do not implement it yet).
> > 
> > Before this update, the client is happy for this to fail, now it 
> > persists with continuing to contact the server, and having this 
> > operation fail.  This repeats and repeats.
> > 
> > I'm also quite curious as to why an update in 2014 is moving clients 
> > to require use of the RC4 based protocol, given all the bad press that 
> > cyrpto had got.  This failure is just after a successful call to the 
> > ClientWrap protocol, which should be much better.
> > 
> > I await your thoughts,
> 
> Any news on this?  I'm planning on making an implementation of the ServerWrap protocol, but it would help to know what actually changed, so I know if this is likely to help.
> 
> Thanks,
> 
> Andrew Bartlett
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> 
> 
> 
> 
> 

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list