[cifs-protocol] format of password attributes in AD
abartlet at samba.org
Sat Jun 14 12:55:27 GMT 2008
On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> I wanted to ensure I understand your question so please validate the following:
> The MS-ADTS document, section 18.104.22.168.4 Extended Access checks is
> missing information that describes the format of the attributes listed
> in the table. Your question relates to syncing these attributes via
> Directory Replication as described in MS-DRSR. The table indicates
> "Access is never granted." What is the format of these attributes when
> synced via DRS?
The MS-ADTS document, section 22.214.171.124.4 Extended Access checks lists
attributes over which "Access is never granted.". Naturally this makes
them harder to inspect to determine their format. What is the format of
these attributes when synced via DRS (which does permit their access)?
I'm picking on this table because almost all these attributes listed
here as 'access is never granted' are in some way complex in their
representation (because they deal with passwords and similar
information), but most (all?) are described simply as 'octect string' in
> Is this a correct interpretation of your question?
No, see my revised attempt.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080614/4d5fa2c5/attachment.bin
More information about the cifs-protocol