<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns5="http://schemas.microsoft.com/office/2004/12/omml">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="country-region"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place" downloadurl="http://www.5iantlavalamp.com/"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
p
{mso-style-priority:99;}
p.DEFAULT
{mso-style-priority:99;}
li.DEFAULT
{mso-style-priority:99;}
div.DEFAULT
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
p.default, li.default, div.default
{margin:0in;
margin-bottom:.0001pt;
text-autospace:none;
font-size:12.0pt;
font-family:Verdana;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi Obaid,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Is there any progress on this issue, or my
other enquiry about the security descriptor creation algorithms? It’s been a
while now and we need this information to be able to include the security
implementation in the next alpha of Samba 4.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Best Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><st1:PersonName w:st="on"><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'>Nadezhda
Ivanova</span></font></st1:PersonName><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Obaid Farooqi <br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, August 05, 2009
6:33 <st1:PersonName w:st="on">PM</st1:PersonName><br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">Nadezhda
Ivanova</st1:PersonName><br>
<b><span style='font-weight:bold'>Cc:</span></b> pfif@tridgell.net;
cifs-protocol@samba.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: Question about owner
and group defaulting rules in MS-ADTS</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Hi Nadezhda:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>I have assumed the
ownership of this issue. I’ll keep you updated on the progress as appropriate.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>If you have any
further question/clarification on this issue, please feel free to contact me.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Obaid Farooqi<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Sr. Support
Escalation Engineer | Microsoft<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Bill Wesse <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, August 04, 2009
8:13 AM<br>
<b><span style='font-weight:bold'>To:</span></b> <st1:PersonName w:st="on">Nadezhda
Ivanova</st1:PersonName>; Interoperability Documentation Help<br>
<b><span style='font-weight:bold'>Cc:</span></b> pfif@tridgell.net;
cifs-protocol@samba.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: Question about owner
and group defaulting rules in MS-ADTS<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>Good morning! I have
created case SRX090804600022 to track our work for your request. One of my team
colleagues will take ownership of the case and contact you shortly.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><b><font size=2 color=black face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:black;font-weight:bold'>Regards,</span></font></b><font
size=2 color=navy face=Calibri><span style='font-size:11.0pt;font-family:Calibri;
color:navy'><br>
</span></font><b><font size=2 color=black face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:black;font-weight:bold'>Bill Wesse</span></font></b><font
size=2 color=navy face=Calibri><span style='font-size:11.0pt;font-family:Calibri;
color:navy'><br>
</span></font><font size=2 color=black face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:black'>MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC
PROTOCOL TEAM</span></font><font size=2 color=navy face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:navy'><br>
</span></font><st1:Street w:st="on"><st1:address w:st="on"><font size=2
color=black face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:black'>8055 Microsoft Way</span></font></st1:address></st1:Street><font
size=2 color=navy face=Calibri><span style='font-size:11.0pt;font-family:Calibri;
color:navy'><br>
</span></font><st1:place w:st="on"><st1:City w:st="on"><font size=2
color=black face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:black'>Charlotte</span></font></st1:City><font size=2 color=black
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:black'>, <st1:State
w:st="on">NC</st1:State> <st1:PostalCode w:st="on">28273</st1:PostalCode></span></font></st1:place><font
size=2 color=navy face=Calibri><span style='font-size:11.0pt;font-family:Calibri;
color:navy'><br>
</span></font><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>TEL:
+1(980) 776-8200<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>CELL: +1(704)
661-5438</span></font><font size=2 color=navy face="Courier New"><span
style='font-size:11.0pt;font-family:"Courier New";color:navy'><br>
</span></font><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;font-family:"Courier New";color:black'>FAX:
+1(704) 665-9606<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <st1:PersonName
w:st="on">Nadezhda Ivanova</st1:PersonName>
[mailto:nadezhda.ivanova@postpath.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, August 04, 2009
3:58 AM<br>
<b><span style='font-weight:bold'>To:</span></b> Interoperability Documentation
Help<br>
<b><span style='font-weight:bold'>Cc:</span></b> pfif@tridgell.net;
cifs-protocol@samba.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Question about owner and
group defaulting rules in MS-ADTS<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>In MS-ADTS, section 7.1.3.6, is written the following:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=default><font size=1 color=black face=Verdana><span style='font-size:
9.0pt'>The GROUP field is defaulted as follows: <o:p></o:p></span></font></p>
<p class=default style='text-indent:.5in'><font size=1 color=black
face=Wingdings><span style='font-size:9.0pt;font-family:Wingdings'>§ </span></font><font
size=1><span style='font-size:9.0pt'>If the DAG was used as the default OWNER
field value, then the same SID is written into the GROUP field. <o:p></o:p></span></font></p>
<p class=default><font size=1 color=black face=Verdana><span style='font-size:
9.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>However, it appears that the creating user’s primary group
is ALWAYS used as the default group, regardless of partition or owner. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Example:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>We create an object in the domain partition, say an OU,
without providing an nTSecurityDescriptor. The creating user is a member of
Domain Admins, with primary group Domain Users, so the DAG is Domain admins as
per the DAG rules in the same document. Domain Admins is used as the OWNER in
the new object’s security descriptor. According to the above statement, Domain
Admins should also be set as the default group. However, in a Windows 2003
server, Domain Users is defaulted as the group in the new object’s descriptor.
If the user’s primary group is changed to Domain Admins, then the group of the
new object is defaulted to Domain Admins.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The above behavior is consistent with
CreateSecurityDescriptor algorithm from MS-DTYP, where the primary group of the
security token is assigned if a group is not provided. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Could you please clarify the contradiction between <st1:place
w:st="on"><st1:City w:st="on">MS-ADTS</st1:City>, <st1:State w:st="on">MS</st1:State></st1:place>-DTYP
and actual behavior?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><st1:PersonName w:st="on"><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Nadezhda Ivanova</span></font></st1:PersonName><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 width=543
style='width:407.25pt'>
<tr>
<td colspan=3 style='padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img width=110 height=73 id="_x0000_i1025"
src="cid:image001.gif@01CA1A88.AEF55AB0"><o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td nowrap valign=top style='padding:0in 0in 11.25pt .25in'>
<p><st1:PersonName w:st="on"><strong><b><font size=1 color="#666666"
face=Arial><span style='font-size:8.5pt;font-family:Arial;color:#666666'>Nadezhda
Ivanova</span></font></b></strong></st1:PersonName><font size=1
color="#666666" face=Arial><span style='font-size:8.5pt;font-family:Arial;
color:#666666'><br>
<strong><b><font face=Arial><span style='font-family:Arial'>Software Engineer</span></font></b></strong><br>
<strong><b><font face=Arial><span style='font-family:Arial'>Software
Development</span></font></b></strong><b><span style='font-weight:bold'><br>
</span></b><br>
<a href="mailto:nadezhda.ivanova@postpath.com"><font color="#666666"
face="Times New Roman"><span style='font-family:"Times New Roman";color:#666666'>nadezhda.ivanova@postpath.com</span></font></a><o:p></o:p></span></font></p>
</td>
<td nowrap valign=top style='padding:0in 0in 7.5pt 15.0pt'>
<p style='margin-bottom:12.0pt'><strong><b><font size=1 color="#666666"
face=Arial><span style='font-size:8.5pt;font-family:Arial;color:#666666'>CISCO
SYSTEMS <st1:country-region w:st="on"><st1:place w:st="on">BULGARIA</st1:place></st1:country-region>
EOOD</span></font></b></strong><font size=1 color="#666666" face=Arial><span
style='font-size:8.5pt;font-family:Arial;color:#666666'><br>
<st1:address w:st="on"><st1:Street w:st="on">18 Macedonia Blvd.</st1:Street> <st1:City
w:st="on">Sofia</st1:City></st1:address> 1606<br>
<st1:country-region w:st="on"><st1:place w:st="on">Bulgaria</st1:place></st1:country-region><br>
<a href="http://www.cisco.com/global/BG/"><font color="#666666"
face="Times New Roman"><span style='font-family:"Times New Roman";color:#666666'>Cisco
home page</span></font></a><o:p></o:p></span></font></p>
</td>
<td width=155 style='width:116.25pt;padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td style='padding:0in .25in 0in .25in'>
<p class=MsoNormal><font size=1 color="#009900" face=Arial><span
style='font-size:7.5pt;font-family:Arial;color:#009900'><img border=0
width=18 height=19 id="_x0000_i1026" src="cid:image002.gif@01CA1A88.AEF55AB0"
alt="Think before you print.">Think before you print.<o:p></o:p></span></font></p>
</td>
<td width=362 colspan=2 style='width:271.5pt;padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</div>
</body>
</html>