On Tue, Aug 05, 2008 at 01:02:49PM -0700, Kai Lanz wrote: > > I think I've found out why MacOS 10.5.x (Leopard) clients are unable to > connect to Samba shares when authenticating with Kerberos. Basically, > the > Leopard Macs insert a few extra bytes (Padding and reqFlags, according to > wireshark) into the security blob within the Session Setup AndX Request > packet, bytes whose start tag is 0xa1, in a spot where Samba's parser > expects 0xa2. The critical error is "Failed to parse negTokenTarg at > offset > 54", which looks like it's being caused by the call > > asn1_start_tag(&data, ASN1_CONTEXT(2)); > > in parse_negTokenTarg().
In Samba 3.2.0 and 3.2.1 this is fixed by the following code in parse_negTokenTarg(). /* Skip any optional req_flags that are sent per RFC 4178 */ if (asn1_check_tag(&data, ASN1_CONTEXT(1))) { uint8 flags; asn1_start_tag(&data, ASN1_CONTEXT(1)); asn1_start_tag(&data, ASN1_BITFIELD); while (asn1_tag_remaining(&data) > 0) asn1_read_uint8(&data, &flags); asn1_end_tag(&data); asn1_end_tag(&data); } I'd try an upgrade :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba