Signing with Kerberos/Windows client MAC key

Charles L Emig emig at us.ibm.com
Wed Dec 8 17:31:31 GMT 2004


I'm working on an SMB server that needs to support signing SMB requests for
sessions that are established using Kerberos authentication.

From what I have observed, the local/remote subkey is used as the MAC key
for the client and server sides respectively.  We have a working SMB client
that is able to connect to a Windows server using Kerberos and sign
requests with the local subkey.  The same client is also able to connect to
our server and sign requests as well.

My problem occurs when a Windows client connects to our server.  The
signature for the TCONN request from the Windows client is consistently
failing to match the one expected by our server (which is using the remote
Kerberos subkey as the MAC key).  This indicates to me that the Windows
client is using a different MAC key, but I'm stumped as to what it is.

Does anyone know what the Windows client might be using as the MAC key?

Thanks for your time,
Chuck Emig
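An added diagnostic sketch, not part of the original post or of any project's code: it recomputes the signature of a captured request under each candidate MAC key and a small range of sequence numbers, to tell a wrong key apart from a wrong sequence number. It assumes the SMB1 signing scheme (first 8 bytes of MD5 over the MAC key followed by the message, with the sequence number placed in the signature field); the keys, key labels and sample request are constructed for illustration.

```python
import hashlib
import hmac
import struct

SIG_OFFSET = 14  # SecuritySignature field in the 32-byte SMB1 header
SIG_LEN = 8

def smb1_signature(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """Compute the 8-byte SMB1 signature of message under mac_key."""
    if len(message) < 32 or message[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    # While hashing, the signature field holds the sequence number
    # (little-endian 32 bit) followed by four zero bytes.
    field = struct.pack("<II", seq, 0)
    staged = message[:SIG_OFFSET] + field + message[SIG_OFFSET + SIG_LEN:]
    return hashlib.md5(mac_key + staged).digest()[:SIG_LEN]

def sign(mac_key: bytes, message: bytes, seq: int) -> bytes:
    """Return message with its signature field filled in."""
    sig = smb1_signature(mac_key, message, seq)
    return message[:SIG_OFFSET] + sig + message[SIG_OFFSET + SIG_LEN:]

def find_matching_key(message: bytes, candidates: dict, seq_range=range(8)):
    """List (label, seq) pairs that reproduce the signature in message."""
    observed = message[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return [(label, seq)
            for label, key in candidates.items()
            for seq in seq_range
            if hmac.compare_digest(smb1_signature(key, message, seq), observed)]

def build_sample_request() -> bytes:
    """Constructed request: SMB1 header (command 0x75) plus an empty body."""
    header = (b"\xffSMB" + bytes([0x75]) + bytes(4) + bytes([0x18])
              + struct.pack("<H", 0xC807) + bytes(2) + bytes(SIG_LEN)
              + bytes(2) + struct.pack("<HHHH", 0, 0x1234, 0x0800, 2))
    return header + b"\x00\x00\x00"  # WordCount=0, ByteCount=0

# Constructed 16-byte keys; the labels are hypothetical candidates only.
SAMPLE_KEYS = {
    "local_subkey": bytes(range(16)),
    "remote_subkey": bytes(range(16, 32)),
    "other_candidate": b"\xaa" * 16,
}

if __name__ == "__main__":
    captured = sign(SAMPLE_KEYS["local_subkey"], build_sample_request(), 2)
    print(find_matching_key(captured, SAMPLE_KEYS))
```

An empty result means none of the supplied keys produced the observed signature at any of the tried sequence numbers.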