unknown RPC opcodes during join+logon
rsharpe at ns.aus.com
Thu Sep 19 17:29:01 GMT 2002
On Fri, 20 Sep 2002, Luke Howard wrote:
> >Btw, I tried 0x6B because I saw it consistently in traces between my
> >Win2K clients and Win2K PDC (to see it, netbios name should have an even
> >length) Not sure if this is just because of some configuration issue
> >though - which is why I was hoping you could cross-check for me ;-)
> This is odd, I would like to see a trace.
Yes, so would I :-)
> In any case, it appears that an Active Directory client _insists_ on
> using the 0x0007ffff negotiate flags and (thus?) the new algorithm. So
> I'm going to have to figure out what it is -- I've tried a few permutations
> of RC4, HMAC, etc but to no avail so far. How did the SAMBA team figure
> out the original secure channel, I wonder?
Well, it was Luke who claimed to figure it out, and even then, from what I
can tell, he could not get past the first exchange :-)
Secondly, an XP client, when I switch off Sign&Seal, is happy with the
standard 0x1FF flags that Samba returns, but does not like it when
Sign&Seal is in force and simply stops communicating at that point.
That 0x6b flag looks important, because I seem to recall that it was the
flags sent or returned by WinXP. Perhaps the AD client ignores the lower
bits when Sign&Seal is in use.
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical