Stefan, The traces you sent seems to show a correct security context negotiation but something is failing when we go to use that context which is why we see RPC_NT_SEC_PKG_ERROR. I would like to start with getting some more detailed error info from the windows machine by doing the following:
Enabling Extended Error Information. You can do this by following the steps in this msdn article http://msdn.microsoft.com/en-us/library/aa373803(VS.85).aspx and taking a network capture again. This is going to add some additional information in the response that will lead us to a more precise error message. If you can send me that trace with the associated keytab file, I can get further into what the problem is. Richard Guthrie Open Protocols Support Team Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM Tel: +1 (469) 775-7794 E-mail: [EMAIL PROTECTED] We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Stefan (metze) Metzmacher [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2008 1:36 AM To: Andrew Bartlett Cc: Richard Guthrie; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [cifs-protocol] RE: 600169 - RE: DCE/RPC PFC_SUPPORT_HEADER_SIGN not optional Hi, I managed to implement working code that does header signing, with des, arcfour and aes keys. See my feaeture branch at http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=v4-0-aes3 However it only works with windows 2008 and auth type 16 (kerberos) and it doesn't work with auth type 9 (kerberos via spnego). (Windows 2003 shows the same behavior) See the attached captures. metze
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
