svn commit: samba r8164 - in branches/SAMBA_4_0/source: auth auth/kerberos include
Andrew Bartlett
abartlet at samba.org
Wed Jul 6 10:21:29 GMT 2005
On Wed, 2005-07-06 at 06:36 +0200, Stefan (metze) Metzmacher wrote:
> Andrew Bartlett wrote:
> > On Tue, 2005-07-05 at 10:57 +0000, metze at samba.org wrote:
> >
> >>Author: metze
> >>Date: 2005-07-05 10:57:39 +0000 (Tue, 05 Jul 2005)
> >>New Revision: 8164
> >>
> >>WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8164
> >>
> >>Log:
> >>- match the ordering w2k3 uses for the PAC_BUFFER:
> >> LOGON_INFO
> >> LOGON_NAME
> >> SRV_CHECKSUM
> >> KDC_CHECKSUM
> >>
> >>- w2k3 also doesn't use the groupmembership array with rids
> >> it uses the othersids array
> >
> >
> > Can you check how this behaves in the netlogon reply? It seems odd to
> > me that the same structure would be encoded in different ways between
> > the two.
>
> I saw it using the groupmembership array with rids in a later try in the PAC too,
>
> but I have also tested to send invalid signatures and a complete ZERO PAC blob,
> and all gave the same error on the logon prompt:
>
> name or SID doesn't match the trusted domain info
>
> and I think this means the pac validation fails,
My error (with WinXP) is actually the normal 'logon failure' response.
> btw: I used w2k3 server to join samba4
> and I have tried to join this w2k3 server as a member to my w2k3 domain,
> and compare the results. And I saw some differences but had no time to look at them closer.
>
> Can you try to handle ldap/sernox4.sernoxdom4.mx.base/sernox4.sernoxdom4.mx.base style TGS-REQ's
> And also try to send the PAC in the AS-REP.
Handling extra principals is easy, I'll look at that tonight.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
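
The buffer ordering named in the commit log can be checked on a captured PAC by walking its buffer directory. The following is an added example, not code from this thread or from Samba: the function names are hypothetical, the field layout and ulType values are taken from the MS-PAC specification, and the sample blob is constructed.

```c
#include <stdint.h>
#include <string.h>

/* ulType values from MS-PAC for the four buffers named in the commit log. */
enum { LOGON_INFO = 1, SRV_CHECKSUM = 6, KDC_CHECKSUM = 7, LOGON_NAME = 10 };

/* Little-endian 32-bit read and write helpers. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Walk the directory: cBuffers, Version, then 16-byte {ulType, cbBufferSize, Offset}
 * entries. Returns the buffer count, or -1 if malformed or larger than max. */
int pac_buffer_types(const uint8_t *pac, size_t len, uint32_t *types, size_t max) {
    if (len < 8 || rd32(pac + 4) != 0) return -1;        /* Version must be 0 */
    uint32_t count = rd32(pac);
    if (count > max || count > (len - 8) / 16) return -1;
    size_t dir_end = 8 + (size_t)count * 16;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = pac + 8 + (size_t)i * 16;
        uint32_t size = rd32(e + 4), off = rd32(e + 8), off_hi = rd32(e + 12);
        if (off_hi || off < dir_end || off % 8 || off > len || size > len - off)
            return -1;                                   /* data must lie inside the blob */
        types[i] = rd32(e);
    }
    return (int)count;
}

/* 1: exactly the four buffers in the w2k3 order; 0: anything else; -1: malformed. */
int pac_is_w2k3_order(const uint8_t *pac, size_t len) {
    static const uint32_t want[4] = { LOGON_INFO, LOGON_NAME, SRV_CHECKSUM, KDC_CHECKSUM };
    uint32_t got[16];
    int n = pac_buffer_types(pac, len, got, 16);
    return n < 0 ? -1 : (n == 4 && memcmp(got, want, sizeof want) == 0);
}

/* Constructed sample: a 104-byte PAC with four zero-filled 8-byte buffers in the given order. */
int check_sample(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    uint32_t order[4] = { a, b, c, d };
    uint8_t pac[104] = { 0 };
    wr32(pac, 4);                                        /* cBuffers = 4, Version = 0 */
    for (uint32_t i = 0; i < 4; i++) {
        wr32(pac + 8 + 16 * i, order[i]);                /* ulType */
        wr32(pac + 12 + 16 * i, 8);                      /* cbBufferSize */
        wr32(pac + 16 + 16 * i, 72 + 8 * i);             /* Offset, past the 72-byte directory */
    }
    return pac_is_w2k3_order(pac, sizeof pac);
}
```

An all-zero blob parses as a directory with zero buffers, so it is reported as not matching (0) rather than malformed (-1).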