[cifs-protocol] Protocol changes in KB2992611 [115012312316449]

Andrew Bartlett abartlet at samba.org
Mon Jan 26 15:12:32 MST 2015

On Mon, 2015-01-26 at 20:01 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> This is kind of an open ended question.

I do realise that, but presumably there are some detailed notes that
backed up the KB as to what specifically was changed?  From the outside,
given the widespread impact, it looks like a swap out of the whole X.509
supporting stack for a newer version, where the new version checks more
error codes, but I'm hoping it was more limited than that. 

> Can you please let me know the specific scenario that is failing after the application of this kb with supporting network trace? I need that to repro the scenario, debug, file bug etc.

Samba AD DC from git master (all 4.x versions apparently impacted), join
Windows 8.1 with current updates (either the updated iso from 2014-12
as-is or with all updates) and open the 'credentials manager' from
control panel when logged in as the domain administrator.  It fails in
line with 

Presumably creating new users will allow the failure to be reproduced
without the whole re-join, but we worked from multiple VMs and snapshots
to keep it reproducible. 

I've also tried additionally with the patches from here, without
git://repo.or.cz/Samba/reqa.git BKRP

A genuinely unpatched Windows 8.1 works against Samba master. 


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-2012r2-from-join.pcapng
Type: application/x-pcapng
Size: 844848 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-BKRP-branch-from-boot.pcapng
Type: application/x-pcapng
Size: 1122916 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-master-from-boot.pcapng
Type: application/x-pcapng
Size: 1303788 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-unpatched-creds-manager-against-samba4-master-from-join.pcapng
Type: application/x-pcapng
Size: 1235384 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0007.bin>

More information about the cifs-protocol mailing list