Samba-3.0.7-1.3E Active Directory Issues

Jeremy Allison jra at
Wed Oct 27 00:47:27 GMT 2004

On Tue, Oct 26, 2004 at 04:25:56PM -0400, Nalin Dahyabhai wrote:

> BTW, I'm using a test program I've placed on [2] to
> obtain credentials for services and verify them with the machine
> password -- most of the additional guesses which the patch now makes are
> things that I stumbled onto while continuing to test things.  It's been
> very helpful in determining what's happening on the KDC.
> One more, unrelated, issue that I've run into is that SMB signing
> doesn't seem to work quite right if the session key which the client and
> server negotiate is a DES key.  After some guessing, it looks as though
> the key either needs to be at least 128 bits long, or it needs to be
> padded with zeros to make it seem so [3].
> Further feedback is still appreciated.
> Thanks,
> Nalin
> [1]
> [2]
> [3]


	Just wanted to let you know that I'm integrating and testing
these for Samba 3.0.8 right now - we're not dropping them. Thanks a *lot*
for all your work on this.

The only problem right now is you're using a couple of MIT-only interfaces


which don't exist in Heimdal (the kerberos used on SuSE and others).
I'm going to have to fix this before I can commit the patch (but please
coodinate with me if you're making other changes to the keytab patch,
as I'm half way through the integration work now).

I don't like to usually just "patch <input" a patch as I need to
understand it fully (especially in the kerberos code :-), so it can
take a little time to integrate something.

Also I need to valgrind it thoroughly :-).



More information about the samba-technical mailing list