[cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?
Ralph Boehme
slow at samba.org
Thu Jul 13 09:10:32 UTC 2023
Hello dochelp,
we're receiving numerous user reports that after installing KB5028166
related updates applications on Windows clients can't authenticate
anymore against Samba AD DCs.
https://bugzilla.samba.org/show_bug.cgi?id=15418
It looks like the Windows update introduced changes to netlogon that are
not implemented in Samba and also not documented in MS-NRPC.
The logs on the Samba DC tells us the problem is a new
NETLOGON_CAPABILITIES type "2":
[2023/07/12 18:04:47.063445, 1, pid=11202, effective(0, 0), real(0, 0),
class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
out: struct netr_LogonGetCapabilities
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : XXXXXXXXXXXXXXXX
timestamp : (time_t)0
capabilities : *
capabilities : union
netr_Capabilities(case 2)
UNKNOWN LEVEL 2
result : NT_STATUS_NOT_SUPPORTED
MS-NRPC only documents type 1:
<https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/f03cad67-077f-4042-80b0-cdc38dca9968>
Please read my description with a grain of salt, I'm not the netlogon
expert on our team, just wanted to set the ball rolling... :)
Thanks!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230713/19c0f521/OpenPGP_signature.sig>
More information about the cifs-protocol
mailing list