diff options
author | Alexander Bokovoy <ab@samba.org> | 2018-02-16 18:15:28 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-09-05 18:44:46 +0200 |
commit | dccaea50ce57d6718ffd937cc8b97b64c98c0e79 (patch) | |
tree | 5ab4c0bfc4b52ba467c2ac85939a2c77fd13c7f5 /librpc | |
parent | b31ba498125995dcb67451e4cb28cc27f9e799ed (diff) | |
download | samba-dccaea50ce57d6718ffd937cc8b97b64c98c0e79.tar.gz |
krb5-samba: interdomain trust uses different salt principal
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)
The salt principal for the BLA$ user object was generated wrong.
dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA
dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000
The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.
While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
(cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060)
Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Wed Sep 5 18:44:46 CEST 2018 on sn-devel-144
Diffstat (limited to 'librpc')
0 files changed, 0 insertions, 0 deletions