[cifs-protocol] RE: CDAP netlogon and 'implementation defined' behaviour

Richard Guthrie rguthrie at microsoft.com
Mon Jun 23 15:30:12 GMT 2008


I have re-visited your request to have more use cases added to the documentation. We have decided to leave the text as is, but I wanted to resend the kb article that discusses why a windows server might respond with NETLOGON_SAM_LOGON_RESPONSE_NT40 which is kb article http://support.microsoft.com/kb/298713.  If there are no further questions, I will consider this issue resolved.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Friday, May 30, 2008 8:32 PM
To: Richard Guthrie
Cc: pfif at tridgell.net
Subject: RE: CDAP netlogon and 'implementation defined' behaviour

On Fri, 2008-05-30 at 17:57 -0700, Richard Guthrie wrote:
> Andrew,
> I have conducted research on your issue below and am providing answers
> to your question below.  I still have one item to get clarification on
> which I will send once I have that issue resolved.
> Item 1 – A windows server can be configured to respond with
> aNETLOGON_SAM_LOGON_RESPONSE_NT40 if the registry key
> HKLM/System/CurrentControlSet/Services/NetLogon/Parameters/NT4Emulator
> has been set with a value of 0x1.  The
> articlehttp://support.microsoft.com/kb/298713 discusses this setting.
> If configured all clients would receive
> thisNETLOGON_SAM_LOGON_RESPONSE_NT40.  In addition the server would
> respond usingNETLOGON_SAM_LOGON_RESPONSE_NT40 structure if the client
> sets theNETLOGON_NT_VERSION_1 bit in the NETLOGON_NT_VERSION field.
> Typically this would be a client this is less than version Windows
> 2000 such as NT4.0 or Windows 95/98.

Great.  Sadly I'm having trouble getting to kb articles these days, as Firefox 3 bails with:

Content Encoding Error

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

    * Please contact the website owners to inform them of this problem.

> Item 2 – The typical scenario you would see this registry key set is
> in a domain migration scenario from NT4.0 to Windows 2000 and beyond.
OK, to be clear, this would be set on the Win2000 server when it is in an NT4 level domain?

It would be great if parts of the protocol that only matter in this (comparatively unusual in 2008) situation were marked as such.
> We working to determine documentation requirements in the MS-ADTS
> documentation with regard to this field and settings.  I will send you
> the updated documentation if we determine a change is required.
> Finally, one issue that is under investigation from another related
> customer request is that the server is returning NETLOGON_NT_VERSION_1
> set to 1 even when the client did not set this bit on the request.  I
> will also send you an update once that issue is resolved as I believe
> it may affect your testing and implementation and don’t want it to
> affect our coming to resolution here.
This is in "Expected values in 'NtVersion' and other fields MS-ADTS" (which does not seem to have an issue number yet) for me.

> Please let me know if this answers your original question and I will
> consider these questions closed.
If the docs are updated to reflect this, then I will consider it closed.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list