Obtaining MAC for Signing

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Apr 8 09:19:13 MDT 2010

On Thu, Apr 08, 2010 at 03:51:56PM +0100, J K wrote:
> I've been struggling for a few days to work out how SMB signing
> works in the case where the CIFS server doesn't have access to user
> credentials. I've read a lot of bits and pieces of protocol docs but
> found it difficult to pin down exactly what I'm after.
> What I don't get is how a CIFS server can obtain the required
> information (for example MIC/MAC/SessionKey/NTLM Hash) for
> generating the signature for a message when they don't know the
> user's password? What protocol is used to ask a Domain Controller
> (presumably this is who supplies it?) for a user's SessionKey,
> NTLM Hash or MIC?

It is obtained via the SamLogonEx call on the NETLOGON RPC
interface, which works when you are a member of the domain
and when you have established an encrypted rpc connection.

describes the NETLOGON RPC interface,

has information on the SamLogonEx call.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100408/5d50c88c/attachment.pgp>

More information about the samba-technical mailing list