unknown RPC opcodes during join+logon
vijay at spinnakernet.com
Fri Sep 20 00:47:58 GMT 2002
Yes.. the alignment is *after* the credential. You can look at the
even.cap trace I mailed earlier. Stub data begins at 0x4E and the
credential blob starts at 0xE0 (ie. 0x92 bytes away).
To answer Jean's question, odd/even refer to the Netbios name
without the null character. So, in odd.cap, the win2k client
sends 7 and 6 (= sizeof("FUBAR")) as the lengths. In even.cap,
the client sends 8 and 7. Samba sends the same lengths as the
One difference is that Samba uses SMBTrans as the RPC transport
but I doubt that this is significant.
From: Richard Sharpe [mailto:rsharpe at ns.aus.com]
Sent: Thursday, September 19, 2002 8:05 PM
To: Jean Francois Micouleau
Cc: Vijay Kota; samba-technical at lists.samba.org
Subject: RE: unknown RPC opcodes during join+logon
On Fri, 20 Sep 2002, Jean Francois Micouleau wrote:
> On Fri, 20 Sep 2002, Richard Sharpe wrote:
> > On Thu, 19 Sep 2002, Vijay Kota wrote:
> > > I am attaching the traces for 2 clients - FUBAR and FOOBAR.
> > OK, thanks for that, but there is insufficient info in just two
> > allow Ethereal to dissect all the stuff in there.
> > That makes it difficult to see what is going on.
> I would say it's enough.
> vijay, I guess the odd/even name are unicode strings. What are the
> string length values W2K is sending and what samba is sending ?
> if there is an alignment bug it's before the credential blob.
Hmmm, having looked at my trace of a WinXP client calling
ServerAuthenticate3, the alignment bytes are after the
Either than, or Ethereal is wrong in the dissection I have.
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical