unknown RPC opcodes during join+logon

Richard Sharpe rsharpe at ns.aus.com
Thu Sep 19 17:29:01 GMT 2002

On Fri, 20 Sep 2002, Luke Howard wrote:

> >Btw, I tried 0x6B because I saw it consistently in traces between my
> >Win2K clients and Win2K PDC (to see it, netbios name should have an even
> >length) Not sure if this is just because of some configuration issue
> >though - which is why I was hoping you could cross-check for me ;-)
> This is odd, I would like to see a trace.

Yes, so would I :-)
> In any case, it appears that an Active Directory client _insists_ on
> using the 0x0007ffff negotiate flags and (thus?) the new algorithm. So
> I'm going to have to figure out what it is -- I've tried a few permutations
> of RC4, HMAC, etc but to no avail so far. How did the SAMBA team figure
> out the original secure channel, I wonder?

Well, it was Luke who claimed to figure it out, and even then, from what I 
can tell, he could not get past the first exchange :-)

Secondly, an XP client, when I switch off Sign&Seal, is happy with the 
standard 0x1FF flags that Samba returns, but does not like it when 
Sign&Seal is in force and simply stops communicating at that point.

That 0x6b flag looks important, because I seem to recall that it was the 
flags sent or returned by WinXP. Perhaps the AD client ignores the lower 
bits when Sign&Seal is in use.

Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list