[cifs-protocol] Re: 601628 RE: Mapping of MS-LSAD onto LDAP and DRS
abartlet at samba.org
Wed Aug 13 03:51:29 GMT 2008
On Tue, 2008-08-12 at 19:57 -0700, Richard Guthrie wrote:
> We have completed our investigation of your request to include information linking the structures in the backing store for LSA with the MS-LSAD documents. We have focused on the methods related to trusted domain operations. The list of these methods can be found in section 126.96.36.199. To summarize, all of these methods deal with various aspects of manipulating/querying Trusted Domain Objects as defined in section 7.1.6 of the MS-ADTS documentation.
I think we still have a fair way to go with this, but that at least
provides some of the missing links.
I'll note that on further reading, much of what I'm after can actually
be answered pretty simply - if the table in MS-LSAD 188.8.131.52 and MS-ADTS
184.108.40.206 were combined.
But as to your response, as a start, I'll pick on:
> 3.) InformationClass == TrustedPasswordInformation
> LSAPR_TRUSTED_PASSWORD_INFO (MS-LSAD section 2.2.46)
> This can be any of the stored secret objects on the TDO such as
> TrustAuthIncoming and TrustAuthOutgoing (MS-ADTS section 220.127.116.11.10
> and 18.104.22.168.11)
So (and this in part relates to my broader question), what is the link
between G$$<trustedomainname> secrets and trustAuthIncoming. Please
specify to the extent that given an LDAP database, possibly containing
such trust objects, I could both set and query these values, with the
this call and with the secrets calls.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080813/73eaee94/attachment.bin
More information about the cifs-protocol