Dear Dochelp Team, I need your help again :-)
I'm trying to implement SamrUnicodeChangePasswordUser4. However when I try to run my implementation against Windows. I always get STATUS_WRONG_PASSWORD returned. For the SamrUnicodeChangePasswordUser4 method (section 3.1.5.10.4), the shared secret is the plaintext old password and the CEK is generated as specified in section 3.2.2.5. 3.2.2.5 Deriving an Encryption Key from a Plaintext Password The client MUST derive the CEK in the following manner: CEK :: = (PBKDF2(NT HASH of “OldPassword”, Salt, IterationCount, 512)) Looking at the RFC 8018 section 5.2: PBKDF2 (P, S, c, dkLen) Options: PRF underlying pseudorandom function (hLen denotes the length in octets of the pseudorandom function output) Input: P password, an octet string S salt, an octet string c iteration count, a positive integer dkLen intended length in octets of the derived key, a positive integer, at most (2^32 - 1) * hLen Output: DK derived key, a dkLen-octet string The MS-SAMR document doesn't say a word about the dkLen. Which would be how many bytes the pbkdf2 function should return for the CEK. I've used 16 bytes (same as the session key) as dkLen. However I get STATUS_WRONG_PASSWORD ./bin/rpcclient ncacn_np:earth.milkyway.site -U'bob%Pa$$w0rd@3' -c 'chgpasswd4 bob Pa$$w0rd@3 Pa$$w0rd@6' [...] rpc_api_pipe: host earth.milkyway.site returned 4 bytes. samr_ChangePasswordUser4: struct samr_ChangePasswordUser4 out: struct samr_ChangePasswordUser4 result : NT_STATUS_WRONG_PASSWORD I've uploaded traces to: https://support.microsoft.com/files? workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiNTY5YjBlMTItMzYyNS00NjhlLWIwNjgtOTBiZDYyZDk2MTllIiwic3IiOiIyMjA3MTEwMDQwMDA4ODMyIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJhYzUxMDFlOS1mMTExLTQ5MGUtOGVlYS04NWMxNGMyNzMyNmIiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2NjU0MTQxMzEsIm5iZiI6MTY1NzYzODEzMX0.Oe0Nrl4WiClzTrLHTGeFVX6S- oHNH4LjSGoiVF9eXNo9wN9w- NyabVRaEUpWVvKheXcqukAuNYvxDGCnoj2ZbpPsE1JY4EByZfqC2l--8i6N0smD8Rtccd_YLg_hx9SqGO- Dgr6Y5zLo6FMBUnfF6xQ8jhqB5a7ZJf4- TfMnCgXDsltrLzB_JU1rLDsVGI5ZzZfN9BEOJeKxS9PJEB3azUy8lFvcMsyq8ZL5LOzyQyhg7H2CglwDjzNeGmg2Wov8vdVdh3Ahk0AZ08Otf7i-7tpggx0F9FsH13oS2j6IOzEni23z2G6AqNL4j7ss_23sCp5njIL70rvGv3LliynERA&wid=569b0e12-3625-468e- b068-90bd62d9619e Help here would be much appreciated. Thanks you dochelp team. Best regards Andreas -- Andreas Schneider a...@samba.org Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol