3.0.23: net ads join fails on RHEL3
Andrew Bartlett
abartlet at samba.org
Fri Jul 7 05:00:13 GMT 2006
On Thu, 2006-07-06 at 18:50 -0700, Jeremy Allison wrote:
> On Thu, Jul 06, 2006 at 08:36:53PM -0500, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Gerald (Jerry) Carter wrote:
> >
> > > ok. Looks like 'rpc join' case has a 16 byte session key
> > > while the 'ads join' has an 8 byte session key. Have
> > > have goofed the DES session keys ?
> >
> > Hmmm....so the RC4-HMAC krb5 session setup gives us
> > a 16 byte session key. That would make sense why it works
> > on SuSE 10.0.
>
> Wasn't there an old Red Hat patch that truncated
> the sesssion key to 8 bytes that we removed...
>
> I do seem to remember this. Andrew Bartlett might
> remember more.
Yeah, there were various bits of mess around here. We put the patch in,
then thought it broke something else and removed it. I would not be
surprised if the answer lies in the middle somewhere. The purpose of
the Samba4 test_session_key.sh script is to catch *some* of these
issues, but I think there are some combinations we haven't explored.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060707/b737ffcb/attachment.bin
More information about the samba-technical
mailing list