Andrew,
I am working with multiple product teams and we want to understand the
scenario better. I searched and found some logs from the Samba site regarding
this issue, as below:
06/01/06 12:37:21 <vl> abartlet_: Can you tell me the story about
SystemLibraryDTC?
06/01/06 12:37:32 <vl> What is that exactly, when is that used?
06/01/06 12:38:20 <abartlet_> so, you know how administrative password sets are
encrypted from the client to the SAMR server?
06/01/06 12:38:40 <vl> Yes. This is what Samba3 with an ntlmssp authenticated
bind stumbles over right now :-)
06/01/06 12:38:48 <abartlet_> well, because windows doesn't always use the bulk
encryption, the values are individually encrypted
06/01/06 12:39:39 <abartlet_> anyway, when we are bulk encrypted, or when we
are on TCP/IP, the key is SystemLibraryDTC
06/01/06 12:39:59 <vl> Otherwise it's taken from the session setup?
06/01/06 12:40:02 <abartlet_> yep
06/01/06 12:40:08 <vl> I'm trying to design a torture test that joins samba3
and then does an schannel bind / samlogon and is runnable in the build farm...
06/01/06 12:40:22 <abartlet_> ahh, fun :-)
06/01/06 12:40:37 <vl> So I chose a null smb connection and did a ntlmssp bind
as root. This is not able to set the user password.
06/01/06 12:41:02 <vl> So when the bind negotiates seal we can set the
sessionkey to SystemLibraryDTC?
06/01/06 12:41:05 <abartlet_> yep
Is this the correct description of the scenario? Which SAMR
functions are involved here? The conversation above implies
SamrChangePasswordUser/SamrOemChangePasswordUser2/SamrUnicodeChangePasswordUser2.
Is this right?
Hongwei
-----Original Message-----
From: Hongwei Sun
Sent: Thursday, October 20, 2011 4:25 PM
To: 'Andrew Bartlett'
Cc: [email protected]; MSSolve Case Email
Subject: RE: [REG:111101553031054] RE: [cifs-protocol] SystemLibraryDTC
Andrew,
We also saw another case of usage of this fixed session key other than
loopback behavior in NTLM. Based on your testing before, could you tell me
the repro steps, or scenario, so I can have a repro to debug it?
Thanks!
Hongwei
-----Original Message-----
From: Andrew Bartlett [mailto:[email protected]]
Sent: Tuesday, October 18, 2011 4:03 PM
To: Hongwei Sun
Cc: [email protected]; MSSolve Case Email
Subject: Re: [REG:111101553031054] RE: [cifs-protocol] SystemLibraryDTC
On Tue, 2011-10-18 at 19:57 +0000, Hongwei Sun wrote:
> Andrew,
>
> I confirmed that the fixed session key "SystemLibraryDTC" is only
> used by NTLM when the client and server are both on the same machine.
> This type of loopback behavior doesn't affect interoperability and
> thus is not covered by the protocol documentation. Please let me
> know if you have more questions.
This is not the case, or else we would not know about it, and would not need to
deal with it for interoperability.
Sadly you will need to dig deeper, as we discovered it the hard way (i.e.,
needing to discover the magic fixed key by DES brute force). I can assure you
it is used outside the server.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org