svn commit: samba r8164 - in branches/SAMBA_4_0/source: auth auth/kerberos include
Stefan (metze) Metzmacher
metze at samba.org
Wed Jul 6 04:36:57 GMT 2005
Andrew Bartlett wrote:
> On Tue, 2005-07-05 at 10:57 +0000, metze at samba.org wrote:
>
>>Author: metze
>>Date: 2005-07-05 10:57:39 +0000 (Tue, 05 Jul 2005)
>>New Revision: 8164
>>
>>WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8164
>>
>>Log:
>>- match the ordering w2k3 uses for the PAC_BUFFER:
>> LOGON_INFO
>> LOGON_NAME
>> SRV_CHECKSUM
>> KDC_CHECKSUM
>>
>>- w2k3 also doesn't use the groupmembership array with rids
>> it uses the othersids array
>
>
> Can you check how this behaves in the netlogon reply? It seems odd to
> me that the same structure would be encoded in different ways between
> the two.
I saw it using the groupmembership array with rids in a later try in the PAC too,
but I have also tested sending invalid signatures and a complete ZERO PAC blob,
and all gave the same error on the logon prompt:
name or SID doesn't match the trusted domain info
and I think this means the PAC validation fails.
BTW: I used a w2k3 server to join samba4,
and I have tried to join this w2k3 server as a member to my w2k3 domain,
and compare the results. And I saw some differences but had no time to look closer.
Can you try to handle ldap/sernox4.sernoxdom4.mx.base/sernox4.sernoxdom4.mx.base style TGS-REQs?
And also try to send the PAC in the AS-REP.
--
metze
Stefan Metzmacher <metze at samba.org> www.samba.org
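
The buffer ordering named in the commit log can be checked mechanically by walking the PAC buffer directory. The following is an added example, not part of the original message and not Samba code; it assumes the PACTYPE layout and ulType numbers from the MS-PAC specification (neither is given in this thread), and the function names and sample blob are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed ulType values (MS-PAC); the short names follow the commit log. */
enum { LOGON_INFO = 1, SRV_CHECKSUM = 6, KDC_CHECKSUM = 7, LOGON_NAME = 10 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* 0: exactly the four buffers in the order listed in the commit log;
 * 1: consistent directory, other set or order; -1: truncated or inconsistent. */
int pac_check_order(const uint8_t *blob, size_t len) {
    static const uint32_t want[4] = { LOGON_INFO, LOGON_NAME, SRV_CHECKSUM, KDC_CHECKSUM };
    if (len < 8 || le32(blob + 4) != 0) return -1;     /* header: cBuffers, Version (0) */
    uint32_t n = le32(blob);
    if (n > (len - 8) / 16) return -1;                 /* 16-byte directory entries */
    int match = (n == 4);
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = blob + 8 + 16 * (size_t)i;  /* ulType, cbBufferSize, Offset (u64) */
        uint64_t off = (uint64_t)le32(e + 8) | (uint64_t)le32(e + 12) << 32;
        /* payload must start after the directory and end inside the blob */
        if (off < 8 + 16 * (uint64_t)n || off > len || le32(e + 4) > len - off) return -1;
        if (match && le32(e) != want[i]) match = 0;
    }
    return match ? 0 : 1;
}

/* Constructed sample: four 8-byte zero payloads behind a directory of `types`. */
size_t build_sample(uint8_t out[104], const uint32_t types[4]) {
    memset(out, 0, 104);
    put32(out, 4);                                     /* cBuffers; Version stays 0 */
    for (uint32_t i = 0; i < 4; i++) {
        put32(out + 8 + 16 * i, types[i]);             /* ulType */
        put32(out + 12 + 16 * i, 8);                   /* cbBufferSize */
        put32(out + 16 + 16 * i, 72 + 8 * i);          /* Offset, low 32 bits */
    }
    return 104;
}

int main(void) {
    const uint32_t w2k3[4] = { LOGON_INFO, LOGON_NAME, SRV_CHECKSUM, KDC_CHECKSUM };
    uint8_t blob[104], zero[104] = { 0 };  /* all-zero blob parses as an empty directory */
    int a = pac_check_order(blob, build_sample(blob, w2k3)), b = pac_check_order(zero, sizeof zero);
    printf("w2k3 order: %d, all-zero blob: %d\n", a, b);
    return 0;
}
```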