Andrew, Thanks for the information provided. We successfully reproduced and debugged the behavior of SMB signing between Samba Smbclient and Windows server using AES256 session key(32 bytes). The outcome of live debugging proved that SMB signing is using entire 32 bytes session key, just as you reported initially. The product team also confirmed this behavior. We will update MS-SMB document accordingly.
Please let us know if you have any further question regarding this topic. Thanks! -----Original Message----- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Sunday, November 30, 2008 8:53 PM To: Hongwei Sun Cc: Stefan (metze) Metzmacher Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long On Tue, 2008-11-25 at 15:52 -0800, Hongwei Sun wrote: > Andrew, > > As per our discussion during conference call, I would like to run testing > on Samba with Windows server for session key length used for SMB signing. > Can I run smbtorture to see the behavior ? If so, what test option should I > select ? How can I configure it to use Kerberos with AES256 ? Use > Krb5.conf ? If you could point me to the source code file and lines, it > will be helpful for me too. I suggest running just smbclient, to a windows server that enforces signing, with 'smbclient //myserver/share -d11 -k yes -Uuser%pass' as the command line. This should trigger the behaviour, and print the key if you are on a modern linux distro. You must have compiled Samba using 'make clean && ./configure --enable-developer && make all'. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list cifs-protocol@cifs.org https://lists.samba.org/mailman/listinfo/cifs-protocol
