[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [patch] miscellaneous mechglue stuff

Hi Mike,

>I don't know. But bare in mind that Andrew is thinking the MD5 checksum
>issue is specific to a limitation in Samba 3's smbclient. If that's true,
>then the problem would be limited to SMB servers using stock Heimdal
>gss_accept_sec_context which is to say it's not terribly important
>right now.

I think it's OK to assume the client requested mutual, because SAMBA
and Windows send an AP-REP for CIFS authentication. eg. see


>Do you happen to know how to export a cifs/name.foo.net@FOO.NET aka
>name$@foo.net service principal from a W2K3 DC such that it can be
>imported into a keytab for Ethereal to use? Ktpass.exe doesn't export
>those principals. Otherwise I don't have the setup to decrypt the
>Authenticator and know for certain that MS client's are really using 8003.

Probably the easiest way is to use pwdump2 to extract the NT OWF from
the SAM, then you just need to get it into a keytab somehow. You should
be able to do this with ktutil if it has an option to accept hex encoded

-- Luke