From 0da133101ab149b074ab369d819fc48b7c95bf71 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 May 2009 12:53:31 -0700 Subject: [PATCH] s3-auth: use full 16byte session key in make_user_info_netlogon_interactive(). Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther / Jeremy. --- source/auth/auth_util.c | 3 +-- source/include/ntdomain.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 2bd857c5893..f6c5eaa71bf 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -292,8 +292,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, unsigned char local_nt_response[24]; unsigned char key[16]; - ZERO_STRUCT(key); - memcpy(key, dc_sess_key, 8); + memcpy(key, dc_sess_key, 16); if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h index de0a3136098..4b49b5efb3b 100644 --- a/source/include/ntdomain.h +++ b/source/include/ntdomain.h @@ -139,7 +139,7 @@ struct dcinfo { struct netr_Credential clnt_chal; /* Client credential */ struct netr_Credential srv_chal; /* Server credential */ - unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ + unsigned char sess_key[16]; /* Session key */ unsigned char mach_pw[16]; /* md4(machine password) */ fstring mach_acct; /* Machine name we've authenticated. */ -- 2.34.1