Hi Matthieu: Yes, please send me the ttt traces and more details about the problem. Your email did not give me a good grasp of the issue.
Regards, Obaid Farooqi Escalation Engineer | Microsoft Exceeding your expectations is my highest priority. If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com ________________________________ From: Matthieu Patou Sent: 2/11/2012 5:40 PM To: Interoperability Documentation Help; [email protected]<mailto:[email protected]>; [email protected]<mailto:[email protected]> Subject: [cifs-protocol] encryption key for NetrLogonSamLogonEx Hello Dochelp, A bug report concerning user's session key was reported in samba when using level 3 validation for NetrLogonSamLogonEx. I did a bit of investigation and witnessed the corruption if we use level 3 validation for NetrLogonSamLogonEx and if samba opens more than 1 schannel connection with one DC and is not using the session key of the latest connection for decrypting the user's session key (and other encrypted fields) in the Validation 3 response. I checked that samba is using the same key for encrypting and decrypting schannel and sensitive fields in the validation 3 response of the NetrLogonSamLogonEx call. MS-NRPC seems to indicate that the session key should be the same and I didn't find a trace in the documentation saying that only the latest session key exchanged during a NetrAuthenticateX and what seems even more puzzeling is that using the "old" session key for schannel encryption and decryption works. Can you explain us the problem ? I can do TTTrace as the problem is highly reproducible. Matthieu. -- Matthieu Patou Samba Team http://samba.org _______________________________________________ cifs-protocol mailing list [email protected]<mailto:[email protected]> https://lists.samba.org/mailman/listinfo/cifs-protocol ________________________________ Microsoft is committed to protecting your privacy. Please read the Microsoft Privacy Statement<http://go.microsoft.com/fwlink/?LinkId=81184> for more information. The above is an email for a support case from Microsoft Corp. REPLY ALL TO THIS MESSAGE or INCLUDE [email protected]<mailto:[email protected]> IN YOUR REPLY if you want your response added to the case automatically. For technical assistance, please include the Support Engineer on the TO: line. Thank you.(*634649223749922356*)
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
