On Tue, Jul 5, 2011 at 12:01 AM, Moh Yen Liew <[email protected]> wrote:
> Hi Mike:
> According to MS-NRPC pg 111, bit 17 (indicated as bit R) of negotiable
> flag is actually referring to "supports the NetrServerPasswordSet2
> functionality".

Page numbers are probably not going to line up well and I think you're counting bits from the opposite direction, but my (arguably very old) copy of [MS-NRPC] shows bit 17 (indicated as bit 'O') of NegotiateFlags in NetrServerAuthenticate3 described as:

"Supports strong keys. Added in Windows 2000 Server and supported in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008."

I have no idea what this bit really does but Wireshark describes it as "AES & SHA2 supported: Not set" and it's off in your capture.

Mike

> -----Original Message-----
> From: Michael B Allen [mailto:[email protected]]
> Sent: Tuesday, July 05, 2011 3:43 AM
> To: Moh Yen Liew
> Cc: [email protected]
> Subject: Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES
> based Netlogon SChannel
>
> On Sun, Jul 3, 2011 at 8:47 PM, Moh Yen Liew <[email protected]> wrote:
>> Hi:
>>
>> I am trying to implement AES-based Netlogon SChannel with
>> Windows 2k8R2 server.
>>
>> However, the server always returns 0x00721 status code to me.
> <snip>
>> Please see attached network trace:
>>
>> - pkt 531, which contains the encrypted data
>>
>> - Pkt 532, server returns 0x721 status code.
> <snip>
>> If AES is negotiated, decrypt using an initialization vector
>> constructed by concatenating twice the sequence number (thus getting 16
>> bytes of data)
>
> Hi Yen,
>
> Is bit 17 in NegotiateFlags of NetrServerAuthenticate3 supposed to be
> off like it is in your capture?
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
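
The following is an added example, not code from the thread or from either poster: it shows how "bit 17" of the 32-bit NegotiateFlags resolves to two different masks depending on the counting direction, and builds the 16-byte AES IV from the quoted rule only when AES was negotiated. Function names and sample values are constructed; the AES mask is an assumption taken from Samba's netlogon.idl, not from the thread.

```python
# Added example: names and sample values are constructed for illustration.
NEG_STRONG_KEYS = 0x00004000    # flag 'O' in the thread: "Supports strong keys"
NEG_PASSWORD_SET2 = 0x00020000  # flag 'R' in the thread: NetrServerPasswordSet2
# Assumption, not stated in the thread: the AES/SHA2 mask, as defined in
# Samba's netlogon.idl (NETLOGON_NEG_SUPPORTS_AES).
NEG_SUPPORTS_AES = 0x01000000


def mask_from_bit(index, msb_first):
    """Mask for 'bit index' of a 32-bit field under either numbering."""
    if not 0 <= index <= 31:
        raise ValueError("NegotiateFlags is a 32-bit field")
    return 1 << (31 - index if msb_first else index)


def read_bit_both_ways(flags, index):
    """Return {convention: (mask, is_set)} for the same spoken bit number."""
    result = {}
    for name, msb_first in (("lsb0", False), ("msb0", True)):
        mask = mask_from_bit(index, msb_first)
        result[name] = (mask, bool(flags & mask))
    return result


def aes_iv(sequence_number):
    """16-byte IV: the 8-byte sequence number concatenated with itself."""
    if len(sequence_number) != 8:
        raise ValueError("sequence number must be exactly 8 bytes")
    return bytes(sequence_number) * 2


def iv_if_aes_negotiated(negotiated_flags, sequence_number):
    """Build the AES IV only when the negotiated flags include AES."""
    if not negotiated_flags & NEG_SUPPORTS_AES:
        return None  # AES was not negotiated; the AES IV rule does not apply
    return aes_iv(sequence_number)


if __name__ == "__main__":
    flags = NEG_PASSWORD_SET2 | NEG_SUPPORTS_AES  # constructed; strong keys off
    for name, (mask, is_set) in read_bit_both_ways(flags, 17).items():
        print(f"bit 17 ({name}): mask 0x{mask:08x} set={is_set}")
    seq = bytes.fromhex("0000000080000000")  # constructed sequence number
    print(iv_if_aes_negotiated(flags, seq).hex())
```

Quoting the hex mask alongside a bit number removes the ambiguity when comparing a capture against the specification.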
