[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel
Stefan (metze) Metzmacher
metze at samba.org
Fri Dec 13 12:40:06 MST 2013
Hi,
>>> Thanks! Are you able to do a wintest with this?
>>>
>>> I also want to do some tests with windows dcs.
>>>
>>> I important thing I want to verify is the behavior of
>>>
>>> invalidate_cm_connection(&domain->conn);
>>> + domain->conn.netlogon_force_reauth = true;
>>>
>>> in _wbint_CheckMachineAccount() and related code.
>>>
>>> Testing against a s4 dc showed that we are doing
>>> netr_ServerReqChallenge/netr_ServerAuthenticate3 over a connection
>>> with DCERPC_AUTH_TYPE_SCHANNEL/DCERPC_AUTH_LEVEL_PRIVACY and I'm not
>>> sure Windows also likes that.
>>>
>>> I think some combination of 'wbinfo -t' and 'wbinfo -c' triggered that.
>>>
>>> Günther can you also do some tests with your VMs?
>> I'll get Garming to give this a test against some real Windows VMs, and
>> yes, this is a very good excuse to get wintest running again.
>>
>> Andrew Bartlett
>>
>
> It appears to work just fine on my end.
Against what windows versions did you test?
I've tested today against a w2012 dc and found that it works.
I just found one bug when using net rpc testjoin, which triggered
a DCERPC_FAULT_SEC_PKG_ERROR.
This commit should fix the problem for now:
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=88d3b57a7f744c4be39668031717df146eba7e6d
it's part of
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
now.
I've done some captures see
https://www.samba.org/~metze/ads/caps/netlogon/v4-0-schannel/20131213/
I'll try to do some more testing on monday.
metze
More information about the samba-technical
mailing list