SMB signing and 2ROT13
Andrew Bartlett
abartlet at samba.org
Fri Dec 8 21:03:09 GMT 2006
On Fri, 2006-12-08 at 11:52 -0800, Dave Daugherty wrote:
> I saw this problem when implementing SMB signing on a non Samba product
> when working against a windows 2000 service pack 2.
> The windows server negotiated signing, but in fact it did not sign the
> last session setup and X response and just reflected back what I sent.
> My workaround was to check if it was the sessionSetupAndX response
> message and if it reflected back my last signature.
>
> In this case I continued to sign my packets, but stopped checking the
> signatures from the windows 2000 server.
Hmm, this is an interesting case. We are a little more optimistic than
windows in signing the session setup requests. Windows will start
signing on the server with the last session setup reply, but sends only
"BSRSPYL " as the signature on all requests. The last session setup
reply should contain a valid signature, unless signing is turned off by
policy.
As a rule, when signing is not required by policy, the windows server
simply echos back the client values.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20061209/fa667245/attachment.bin
More information about the samba-technical
mailing list