[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel

Stefan (metze) Metzmacher metze at samba.org
Fri Dec 13 12:40:06 MST 2013


Hi,

>>> Thanks! Are you able to do a wintest with this?
>>>
>>> I also want to do some tests with windows dcs.
>>>
>>> One important thing I want to verify is the behavior of
>>>
>>>          invalidate_cm_connection(&domain->conn);
>>> +       domain->conn.netlogon_force_reauth = true;
>>>
>>> in _wbint_CheckMachineAccount() and related code.
>>>
>>> Testing against a s4 dc showed that we are doing
>>> netr_ServerReqChallenge/netr_ServerAuthenticate3 over a connection
>>> with DCERPC_AUTH_TYPE_SCHANNEL/DCERPC_AUTH_LEVEL_PRIVACY and I'm not
>>> sure Windows also likes that.
>>>
>>> I think some combination of 'wbinfo -t' and 'wbinfo -c' triggered that.
>>>
>>> Günther can you also do some tests with your VMs?
>> I'll get Garming to give this a test against some real Windows VMs, and
>> yes, this is a very good excuse to get wintest running again.
>>
>> Andrew Bartlett
>>
> 
> It appears to work just fine on my end.

Against what Windows versions did you test?

I've tested today against a w2012 dc and found that it works.

I just found one bug when using net rpc testjoin, which triggered
a DCERPC_FAULT_SEC_PKG_ERROR.
This commit should fix the problem for now:
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=88d3b57a7f744c4be39668031717df146eba7e6d
It's part of
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
now.

I've done some captures, see
https://www.samba.org/~metze/ads/caps/netlogon/v4-0-schannel/20131213/

I'll try to do some more testing on Monday.

metze

