[krbdev.mit.edu #6768] regression in gssapi when using GSS_C_DCE_STYLE flag

Simo Sorce via RT rt-comment at krbdev.mit.edu
Thu Sep 2 14:19:21 EDT 2010


In latest samba I have added the ability to use GSSAPI authentication,
signing and encryption for DCERPC communication over SMB against Windows
Servers.

With MIT 1.7.1 all seems to work just fine, but with 1.8.2/1.8.3
communication fails with a Checksum error being thrown from the Windows
Server (Windows 2008 R2).

To test it you can simply use rpcclient from current samba3 master tree.

kinit as a user, then run:
./bin/rpcclient -k ncacn_np:server.fqdn.here[krb5,sign] -c lsaquery

(Replace server.fqdn.here with the server you want to run against, I run
it against the AD DC)

With 1.7.1 communication is established and dcerpc packets are signed,
and the proper result is returned.
With 1.8.1 the server returns a bind nack with error 9 (Checksum error).



