Hi Jeremy,
I started having similar problems after installing Vista SP1 RTM. I
patched samba to dump that *auth_data blob, here it is:
[2008/03/03 17:20:33, 10] libsmb/clikrb5.c:unwrap_pac(292)
authorization data is not a Windows PAC (type: 141)
[2008/03/03 17:20:33, 10] libsmb/clikrb5.c:unwrap_pac(294)
DATA_BLOB *auth_data dump follows:
[2008/03/03 17:20:33, 10] lib/util.c:dump_data(2264)
[000] B0 0F 3F 80 43 00 00 00 16 96 21 80 70 13 40 80 °.?.C... [EMAIL
PROTECTED]
[010] D0 1D 83 BF 16 96 21 80 84 CE 36 80 00 00 00 00 Đ..ż..!. .Î6.....
[020] 58 34 83 BF 08 1E 83 BF A3 4E 2C 80 80 8E 3F 80 X4.ż...ż ŁN,...?.
[030] E4 1D 83 BF 28 D4 3D 80 01 00 00 00 98 02 39 80 ä..ż(Ô=. ......9.
[040] 00 00 00 ...
[2008/03/03 17:20:33, 3] libads/kerberos_verify.c:ads_verify_ticket(469)
ads_verify_ticket: did not retrieve auth data. continuing without PAC
If you need any more information/tests, please let me know, I will be
more than happy to assist! I'd be really grateful if this compatibility
issue could be solved soon.
Best regards
Petr
Jeremy Allison wrote:
On Tue, Dec 11, 2007 at 06:28:53PM -0800, Jeremy Allison wrote:
On Wed, Dec 12, 2007 at 01:49:43PM +1300, Jason Haar wrote:
..whereas Vista-SP1rc1 shows
[2007/12/12 00:20:42, 10]
libsmb/clikrb5.c:get_krb5_smb_session_key(735) Got KRB5 session
key of length 16
[2007/12/12 00:20:42, 10] libsmb/clikrb5.c:unwrap_pac(292) authorization
data is not a Windows PAC (type: 141)
....
Ah yes. That's the key. Samba isn't getting the pac info
correctly so no group info. We need to see a the data
blob "auth_data" being passed to this function in libsmb/clikrb5.c :
bool unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data, DATA_BLOB
*unwrapped_pac_data)
We're looking for a type of :
#define KRB5_AUTHDATA_WIN2K_PAC 128
and getting 141 instead. I really need to see that blob :-).
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
