[cifs-protocol] Protocol changes in KB2992611 
obaidf at microsoft.com
Mon Jan 26 15:52:27 MST 2015
I got both of your emails. Looking into it.
Escalation Engineer | Microsoft
Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, January 26, 2015 4:28 PM
To: Obaid Farooqi
Cc: MSSolve Case Email; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] Protocol changes in KB2992611 
On Mon, 2015-01-26 at 20:01 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> This is kind of an open ended question.
Indeed, and I realise that. I'm not sure if you got my previous mail (I cancelled sending it after realising what size attachments I was trying to send).
However, I'm presuming you have access to some more detailed notes on what was changed in KB2992611 than is public so far, and was hoping you could look into the intersection of that and protected_storage.
From the widespread impact noted elsewhere, it looks like a large upgrade to the X.509 cryptographic subssystem, which is clearly used by the protected_storage module, but if it was more limited, perhaps we could understand what additional requirements were in the design intent.
> Can you please let me know the specific scenario that is failing after the application of this kb with supporting network trace? I need that to repro the scenario, debug, file bug etc.
- Samba GIT master (probably all versions of Samba 4.x) as an AD DC
- Join Windows 8.1 with the 2014-12 update .iso, or a totally updated Windows 8.1
- Log in as administrator
- open credentials manager
We know our BKRP server is insufficient, so I also tried with the patches from:
Attached is a tar.xz (try 7zip to open it) with the captures against various versions of Windows client, and Samba master, Samba master with the BKRP patches mentioned above, and Windows 2012R2.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol