[cifs-protocol] RE: 602144 RE: CDAP netlogon and 'implementation defined' behaviour

Richard Guthrie rguthrie at microsoft.com
Tue Jul 15 13:54:25 GMT 2008


Andrew,
We appreciate your feedback.  We have re-considered this section of the document and will be updating the MS-ADTS document section 7.3.3.2 as follows:

Original Text

If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is configured is outside the state model and is implementation-dependent), and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the response of the dc is documented in "Response to Invalid Filter" (section 7.3.3.3).

Updated Text

If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure, and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set (for an informative example of how and why this is configured in the Windows implementation, see [KB298713]), the server uses the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure to send the response back.

An informative reference will also be added to the documentation under 1.2.2 Informative References, and will read:
[KB298713] Microsoft Corporation, "How to prevent overloading on the first domain controller during domain upgrade", http://support.microsoft.com/kb/298713

Let us know if you have any further questions.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, July 10, 2008 1:28 AM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: 602144 RE: CDAP netlogon and 'implementation defined' behaviour

On Tue, 2008-07-08 at 13:59 -0700, Richard Guthrie wrote:
> Andrew,
>
> As per our previous conversation regarding NETLOGON_SAM_LOGON_RESPONSE_NT40, I wanted to send you a proposed update to the documentation to see if this resolves the issue.  The current MS-ADTS documentation for section 7.3.3.2 Domain Controller Response to an LDAP Ping reads as follows:
>
> If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is configured is outside the state model and is implementation-dependent), and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the response of the dc is documented in "Response to Invalid Filter" (section 7.3.3.3).
>
> The proposed update to this text is as follows:
>
> If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is configured is outside the state model and is implementation-dependent), and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the server uses the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure to send the response back.
>
> The intended change highlights that if the server is configured to respond to ping requests using the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure, then that is what the client will receive.  It also intends to leave open how this is implemented so that you, the implementer, can decide how this gets enabled/disabled.  Please let us know if this resolves your issue and we will update the documentation accordingly.

We seem to be going in circles, perhaps because MS-ADTS does not have a 'windows behaviour' section.  Why is it so hard to list the reasons for the 'implementation dependent behaviour' we discussed on the phone?

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
