[cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?

Ralph Boehme slow at samba.org
Thu Jul 13 09:10:32 UTC 2023

Hello dochelp,

we're receiving numerous user reports that after installing KB5028166 
related updates applications on Windows clients can't authenticate 
anymore against Samba AD DCs.


It looks like the Windows update introduced changes to netlogon that are 
not implemented in Samba and also not documented in MS-NRPC.

The logs on the Samba DC tells us the problem is a new 

[2023/07/12 18:04:47.063445,  1, pid=11202, effective(0, 0), real(0, 0), 
class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
        netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
           out: struct netr_LogonGetCapabilities
               return_authenticator     : *
                   return_authenticator: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : XXXXXXXXXXXXXXXX
                       timestamp                : (time_t)0
               capabilities             : *
                   capabilities             : union 
netr_Capabilities(case 2)
                   UNKNOWN LEVEL 2
               result                   : NT_STATUS_NOT_SUPPORTED

MS-NRPC only documents type 1:


Please read my description with a grain of salt, I'm not the netlogon 
expert on our team, just wanted to set the ball rolling... :)


Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230713/19c0f521/OpenPGP_signature.sig>

More information about the cifs-protocol mailing list