[cifs-protocol] RE: How to validate the PAC in NETLOGON
rguthrie at microsoft.com
Fri Aug 8 15:29:15 GMT 2008
Thank you for the request. I will be working with you on this issue. I need to review the documentation and will get back to you with a response shortly.
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, August 08, 2008 3:07 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: How to validate the PAC in NETLOGON
In MS-APDS 18.104.22.168 is claims that the client will send to the server the PAC signatures (but not apparently the whole PAC), and that the NETLOGON server (on the DC) must verify them.
How is it meant to verify the signatures, if it does not have the PAC to verify checksum over?
Also, is there a command I can run on windows to cause this NETLOGON pac validation to happen? (The document could do with a worked example here, and in the PAC document).
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol