Hi Andrew, I'm working with the product group in confirming my findings.
I am pretty sure that the first two longs in array ExpansionRoom in NETLOGON_VALIDATION_SAM_INFO4 (2.2.1.4.13 MS-NRPC) are used for the LanmanSessionKey but like I said I need to confirm it with the product group before giving you a definitive answer. I'll keep you updated as soon as I have the definitive response. Thanks and regards, Sebastian Canevari Senior Support Escalation Engineer, US-CSSĀ DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7849 e-mail: [email protected] -----Original Message----- From: Andrew Bartlett [mailto:[email protected]] Sent: Monday, July 27, 2009 10:42 PM To: Interoperability Documentation Help Cc: [email protected]; [email protected] Subject: Inability to use Win2k8 as a member server in Samba4 domain (was Clarify reserved bytes that are in fact used in LogonSamLogonEx response) On Fri, 2009-07-24 at 16:37 +1000, Andrew Bartlett wrote: > On Mon, 2009-07-20 at 22:00 +1000, Andrew Bartlett wrote: > > G'day, > > > > My friend in Samba development Matthieu has been chasing down small > > but possibly significant differences between Samba4 and Windows. He > > is puzzled by the following, and we wondered if you might be able to > > shed some light on the matter. > > I've reproduced the problem locally, and attach the sniffs of the > network behaviour. Has there been any progress in reproducing this problem, or at the very least advising us of the answer to our initial inquiry? We can handle the Kerberos issue (a partial fix for that is in already in the tree), but the STATUS_REQUEST_NOT_ACCEPTED issue has us stumped. > This is being tracked in Samba bug: > > https://bugzilla.samba.org/show_bug.cgi?id=6273 > > > The traces include: > > samba4-to-win2008-failure: > an NTLM login attempt, an attempt to use Samba's own SPNEGO libraries > (which are faulty) > > samba4-to-win2008-failure-gensec_spnego: > a Kerberos login attempt using Heimdal's SPENGO code > > This shows that the problem is not just in NTLM logins, but perhaps in > the PAC/info3 reply. Is some kind of per-user licensing thing tied up > here? I've tried to up the number of users permitted to access the > share, without success. > > If you need any assistance setting up Samba4 to reproduce this, I am > more than willing to assist. > > The commands I used were: > bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kno > bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes > bin/smbclient //win2008-2/test -Uadministrator%samba2 -d1 -kyes > --option=gensec:spnego=no --option=gensec:gssapi_spnego=yes > > Also see the attached patch to Samba4 rev > d005e4dabb396607d959ece8da3c649797d59d44 to make the last command work. > > Andrew Bartlett > -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
