[cifs-protocol] Fwd: machine join not working if PacRequestorEnforcement set to 2 (CVE-2021-42287)
David Mulder
dmulder at samba.org
Fri Jan 14 18:35:56 UTC 2022
-------- Forwarded Message --------
Subject: machine join not working if PacRequestorEnforcement set to 2
(CVE-2021-42287)
Date: Fri, 14 Jan 2022 11:35:21 -0700
From: David Mulder <dmulder at samba.org>
To: dochelp at microsoft.com
CC: Ivanova, Nadezhda <nivanova at samba.org>, Bose, Sumit
<sbose at redhat.com>, Andrew Bartlett <abartlet at samba.org>
An adcli machine join now fails when PacRequestorEnforcement is set to 2
(as explained in this support doc:
https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041).
Sumit has produced a network trace which can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=2039349
What appears to be happening is the Administrator account fails to set
the machine account password after the account has been created. Can we
confirm whether this is the correct behavior, and if so, what
mitigations can we take?
--
*David Mulder*
Labs Software Engineer, Samba
SUSE
1221 Valley Grove Way
Pleasant Grove, UT 84062
(P)+1 385.666.5660
dmulder at suse.com
<http://www.suse.com/>
More information about the cifs-protocol
mailing list