3.0.23: net ads join fails on RHEL3

Andrew Bartlett abartlet at samba.org
Fri Jul 7 05:00:13 GMT 2006

On Thu, 2006-07-06 at 18:50 -0700, Jeremy Allison wrote:
> On Thu, Jul 06, 2006 at 08:36:53PM -0500, Gerald (Jerry) Carter wrote:
> > Hash: SHA1
> > 
> > Gerald (Jerry) Carter wrote:
> > 
> > > ok.  Looks like 'rpc join' case has a 16 byte session key
> > > while the 'ads join' has an 8 byte session key.  Have
> > > have goofed the DES session keys ?
> > 
> > Hmmm....so the RC4-HMAC krb5 session setup gives us
> > a 16 byte session key.  That would make sense why it works
> > on SuSE 10.0.
> Wasn't there an old Red Hat patch that truncated
> the sesssion key to 8 bytes that we removed...
> I do seem to remember this. Andrew Bartlett might
> remember more.

Yeah, there were various bits of mess around here.  We put the patch in,
then thought it broke something else and removed it.  I would not be
surprised if the answer lies in the middle somewhere.   The purpose of
the Samba4 test_session_key.sh script is to catch *some* of these
issues, but I think there are some combinations we haven't explored. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060707/b737ffcb/attachment.bin

More information about the samba-technical mailing list