Andrew,
We ran Smbtortue RPC-PAC testing on windows 2008 DC and got the following output. [EMAIL PROTECTED] source]# bin/smbtorture -k yes //VM-W2K8.nick.com/public RPC-PAC Using seed 1220896649 Running PAC Password for [NICKDOM\root]: Domain join failed - Connection to SAMR pipe of DC VM-W2K8.nick.com failed: Connection to DC VM-W2K8.nick.com failed: NT_STATUS_UNSUCCESSFUL Setup failed: torture/rpc/rpc.c:144: Failed to join as BDC PAC took 11.264 sec Is this what you observed ? Is there any documentation describing what this test is doing ? Thanks ! Hongwei -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Sunday, September 07, 2008 7:07 PM To: Hongwei Sun Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Other types of Kerberos messages on SamLogon Generic On Sun, 2008-09-07 at 17:01 -0700, Hongwei Sun wrote: > Andrew, > > I went through the logic of the generic pass through function in > Kerberos package for both Windows server 2003 and 2008. I found that > it only processes KerbVerifyPacMessage (0x03). For any other message > types, STATUS_ACCESS_DENIED should be returned. > > Could you give me more information about your testing ? Which > version of Windows server did you use ? Did you just use a > KERB_VERIFY_PAC_REQUEST structure as LogonInformation passed to > NetrLogonSamLogon() and set MessageType from 0x00 to 0xFF ? If you > can send us a network trace to show that NT_STATUS_OK is returned for > any message type other than 0x03, it would be really helpful. Feel free to run smbtorture's RPC-PAC against your server (ensure you turn on kerberos with the '-k yes' switch to get kerberos failures early). I was testing against a Windows 2003 DC. A trace would not be much use, as this is encrypted (which was my first mistake :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
