[Samba] Vista SP1-rc1 appears to break against Samba-3.0.27a

krisani p krisani.p at gmail.com
Mon Jul 7 13:09:26 GMT 2008 

Hello,

Is the Vista compatibilty issue resolved?
Is there any change in PAC structure sent by Vista?

Would appreciate any information on this.

Thanks
Kris



Hi Jeremy,
>
> I started having similar problems after installing Vista SP1 RTM. I
> patched samba to dump that *auth_data blob, here it is:
>
> [2008/03/03 17:20:33, 10] libsmb/clikrb5.c:unwrap_pac(292)
>    authorization data is not a Windows PAC (type: 141)
>
> [2008/03/03 17:20:33, 10] libsmb/clikrb5.c:unwrap_pac(294)
>    DATA_BLOB *auth_data dump follows:
> [2008/03/03 17:20:33, 10] lib/util.c:dump_data(2264)
>    [000] B0 0F 3F 80 43 00 00 00  16 96 21 80 70 13 40 80  °.?.C... ..!.p. at . <https://lists.samba.org/mailman/listinfo/samba>
>
>    [010] D0 1D 83 BF 16 96 21 80  84 CE 36 80 00 00 00 00  Đ..ż..!. .Î6.....
>    [020] 58 34 83 BF 08 1E 83 BF  A3 4E 2C 80 80 8E 3F 80  X4.ż...ż ŁN,...?.
>    [030] E4 1D 83 BF 28 D4 3D 80  01 00 00 00 98 02 39 80  ä..ż(Ô=. ......9.
>
>    [040] 00 00 00                                          ...
> [2008/03/03 17:20:33, 3] libads/kerberos_verify.c:ads_verify_ticket(469)
>    ads_verify_ticket: did not retrieve auth data. continuing without PAC
>
>
> If you need any more information/tests, please let me know, I will be
> more than happy to assist! I'd be really grateful if this compatibility
> issue could be solved soon.
>
> Best regards
> Petr
>
>
>
> Jeremy Allison wrote:
> >* On Tue, Dec 11, 2007 at 06:28:53PM -0800, Jeremy Allison wrote:
> *>>* On Wed, Dec 12, 2007 at 01:49:43PM +1300, Jason Haar wrote:
> *>>>* ..whereas Vista-SP1rc1 shows
> *>>>*
> *>>>* [2007/12/12 00:20:42, 10]
> *>>>* libsmb/clikrb5.c:get_krb5_smb_session_key(735)          Got KRB5 session
> *>>>* key of length 16
> *>>>* [2007/12/12 00:20:42, 10] libsmb/clikrb5.c:unwrap_pac(292) authorization
> *>>>* data is not a Windows PAC (type: 141)
> *>>>* ....
> *>>* Ah yes. That's the key. Samba isn't getting the pac info
> *>>* correctly so no group info. We need to see a the data
> *>>* blob "auth_data" being passed to this function in libsmb/clikrb5.c :
> *>>*
> *>>* bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB
> *>>* *unwrapped_pac_data)
> *>*
> *>* We're looking for a type of :
> *>*
> *>* #define KRB5_AUTHDATA_WIN2K_PAC 128
> *>*
> *>* and getting 141 instead. I really need to see that blob :-).
> *>*
> *>* Jeremy.
> *>*
> *>* *
>
>

More information about the samba mailing list