[cifs-protocol] RE: How are 'supported enc types' determined in trusts? - 600253

Richard Guthrie rguthrie at microsoft.com
Tue Aug 26 22:05:10 GMT 2008

Andrew, I will be working with you regarding this issue.  I wanted to clarify your statement regarding downlevel domain.  Are you referring to a windows 2008 server acting as a domain controller in a downlevel domain?  I will get back to you shortly once I have completed my research.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com
We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, August 25, 2008 6:24 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: How are 'supported enc types' determined in trusts?

In MS-LSAD Supported Encryption Types

It states the mapping between bits are supported encryption types.  In MS-ADTS we find the backing attribute is msDs-supportedEncryptionTypes.

My question is, if a Windows 2008 server in a downlevel domain, and so trusted domain objects do not include msDs-supportedEncryptionTypes (or a 'set' was never performed on this LSA information level), what value will this attribute have?  Is it dependent on the trust type/attributes flags for example?


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list