[cifs-protocol] Protocol changes in KB2992611 [115012312316449]
Andrew Bartlett
abartlet at samba.org
Mon Jan 26 15:12:32 MST 2015
On Mon, 2015-01-26 at 20:01 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> This is kind of an open ended question.
I do realise that, but presumably there are some detailed notes that
backed up the KB as to what specifically was changed? From the outside,
given the widespread impact, it looks like a swap out of the whole X.509
supporting stack for a newer version, where the new version checks more
error codes, but I'm hoping it was more limited than that.
> Can you please let me know the specific scenario that is failing after the application of this kb with supporting network trace? I need that to repro the scenario, debug, file bug etc.
Samba AD DC from git master (all 4.x versions apparently impacted), join
Windows 8.1 with current updates (either the updated iso from 2014-12
as-is or with all updates) and open the 'credentials manager' from
control panel when logged in as the domain administrator. It fails in
line with
https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/credential-manager-problems-error-0x80090345?forum=w8itpronetworking
https://groups.google.com/forum/#!topic/mailing.unix.samba/g1kctbsI5Ng
Presumably creating new users will allow the failure to be reproduced
without the whole re-join, but we worked from multiple VMs and snapshots
to keep it reproducible.
I've also tried additionally with the patches from here, without
success:
http://repo.or.cz/w/Samba/reqa.git/shortlog/refs/heads/BKRP
git://repo.or.cz/Samba/reqa.git BKRP
A genuinely unpatched Windows 8.1 works against Samba master.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-2012r2-from-join.pcapng
Type: application/x-pcapng
Size: 844848 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-BKRP-branch-from-boot.pcapng
Type: application/x-pcapng
Size: 1122916 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-master-from-boot.pcapng
Type: application/x-pcapng
Size: 1303788 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-unpatched-creds-manager-against-samba4-master-from-join.pcapng
Type: application/x-pcapng
Size: 1235384 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0007.bin>
More information about the cifs-protocol
mailing list