Hi,

> According to MS-NRPC pg 111, bit 17 (indicated as bit R) of negotiable
> flag is actually referring to "supports the NetrServerPasswordSet2
> functionality".
> In the packet trace that I attached earlier, I had successfully negotiated the
> session key (from pkt 519-523) with the DC using unprotected RPC and
> established the SChannel.
> However, when sending the encrypted message (encrypted with AES-key derived
> from the session key) over Schannel to DC, DC responded with DCE RPC fault
> with error = 0x00000721.
>
> And, I also tried to use the initialization vector constructed using the
> last block (size=8 bytes) of the encrypted Confounder field, same error code
> returned from DC.
>
> There's no problem if only integrity is negotiated.
> So, I suppose the ivec mentioned in the MS-NRPC spec to encrypt the message
> might not be correct?

Take a look at this branch, it contains working code,
at least it worked a year ago against w2k8r2.

http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-schannel

Maybe that helps.

metze
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol