On Sun, 2008-09-07 at 17:01 -0700, Hongwei Sun wrote: > Andrew, > > I went through the logic of the generic pass through function in > Kerberos package for both Windows server 2003 and 2008. I found that > it only processes KerbVerifyPacMessage (0x03). For any other message > types, STATUS_ACCESS_DENIED should be returned. > > Could you give me more information about your testing ? Which > version of Windows server did you use ? Did you just use a > KERB_VERIFY_PAC_REQUEST structure as LogonInformation passed to > NetrLogonSamLogon() and set MessageType from 0x00 to 0xFF ? If you > can send us a network trace to show that NT_STATUS_OK is returned for > any message type other than 0x03, it would be really helpful.
Feel free to run smbtorture's RPC-PAC against your server (ensure you turn on kerberos with the '-k yes' switch to get kerberos failures early). I was testing against a Windows 2003 DC. A trace would not be much use, as this is encrypted (which was my first mistake :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
