samba - Jul 2023 - ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023

Hi!
> I was looking at the code this morning trying to figure out how to
> reject packet with lvl2 properly, - unfortunately I don't know samba
> well enough to be able to find the place "quickly" and I got
distracted
> by other things.  It was my first thought when someone posted the debug
> info which mentioned invalid switch level, - I found the place where this
> happens but it is way down the line from the place where it should be
> rejected..
I just tested the patch from Stefan Metzmacher[1] on top of Samba from
Debian/Bullseye (4.13.13+dfsg-1~deb11u5): the patch cleanly applied with
some fuzz and everything started working again!
We're still running an old NT4 domain with Debian domain controllers.

all the best,
	Adi

[1] https://bugzilla.samba.org/show_bug.cgi?id=15418#c25

On Thu, Jul 13, 2023, 12:36 Adi Kriegisch via samba <samba at
lists.samba.org>
wrote:
> Hi!
>
> > I was looking at the code this morning trying to figure out how to
> > reject packet with lvl2 properly, - unfortunately I don't know
samba
> > well enough to be able to find the place "quickly" and I got
distracted
> > by other things.  It was my first thought when someone posted the
debug
> > info which mentioned invalid switch level, - I found the place where
this
> > happens but it is way down the line from the place where it should be
> > rejected..
> I just tested the patch from Stefan Metzmacher[1] on top of Samba from
> Debian/Bullseye (4.13.13+dfsg-1~deb11u5): the patch cleanly applied with
> some fuzz and everything started working again!
> We're still running an old NT4 domain with Debian domain controllers.
>
> all the best,
>         Adi
>
> [1] https://bugzilla.samba.org/show_bug.cgi?id=15418#c25
That's great news! Hopefully the binary for mainstream packages will be
available just as quick.
>
>

On 13/07/2023 18.17, Adi Kriegisch via samba wrote:

> I just tested the patch from Stefan Metzmacher[1] on top of Samba from
> Debian/Bullseye (4.13.13+dfsg-1~deb11u5): the patch cleanly applied with
> some fuzz and everything started working again!
> We're still running an old NT4 domain with Debian domain controllers.
Ok, fine. So this patch makes old NT4 DC work again... very nice but I'm
still going to dismiss my old NT4 domains at this point. No reason really to try
to patch Samba 3.6 (if it's actually possible)


And about the AD DC and RDP NLA issue?


Fabio

13.07.2023 19:17, Adi Kriegisch wrote:
> Hi!
> 
>> I was looking at the code this morning trying to figure out how to
>> reject packet with lvl2 properly, - unfortunately I don't know
samba
>> well enough to be able to find the place "quickly" and I got
distracted
>> by other things.  It was my first thought when someone posted the debug
>> info which mentioned invalid switch level, - I found the place where
this
>> happens but it is way down the line from the place where it should be
>> rejected..
> I just tested the patch from Stefan Metzmacher[1] on top of Samba from
> Debian/Bullseye (4.13.13+dfsg-1~deb11u5): the patch cleanly applied with
> some fuzz and everything started working again!
> We're still running an old NT4 domain with Debian domain controllers.
> 
> all the best,
> 	Adi
> 
> [1] https://bugzilla.samba.org/show_bug.cgi?id=15418#c25
Yeah, I'm watching both the discussion on the ML and the bug report
progress, I'm subscribed to the bug.

Thanks,

/mjt