[cifs-protocol] format of password attributes in AD

Richard Guthrie rguthrie at microsoft.com
Mon Jun 23 20:00:53 GMT 2008


Andrew,

We are working to get you and answer for the entire table as you requested.  At this time I don't have an ETA for completion but I will update you by the end of the week, regardless of whether I have a complete answer or not.

I did want to ask you if this link to the MS-SAMR document gives you the information you need with regard to the supplementalCredentials attribute http://msdn.microsoft.com/en-us/library/cc245499.aspx?

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, June 22, 2008 10:44 PM
To: Richard Guthrie
Cc: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] format of password attributes in AD

On Sat, 2008-06-14 at 22:55 +1000, Andrew Bartlett wrote:
> On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> > Andrew,
> >
> > I wanted to ensure I understand your question so please validate the following:
> >
> > The MS-ADTS document, section 3.1.1.4.4 Extended Access checks is
> > missing information that describes the format of the attributes
> > listed in the table.  Your question relates to syncing these
> > attributes via Directory Replication as described in MS-DRSR.  The
> > table indicates "Access is never granted." What is the format of
> > these attributes when synced via DRS?
>
> The MS-ADTS document, section 3.1.1.4.4 Extended Access checks lists
> attributes over which "Access is never granted.".  Naturally this
> makes them harder to inspect to determine their format.  What is the
> format of these attributes when synced via DRS (which does permit their access)?
>
> I'm picking on this table because almost all these attributes listed
> here as 'access is never granted' are in some way complex in their
> representation (because they deal with passwords and similar
> information), but most (all?) are described simply as 'octect string'
> in the documentation.
>
> > Is this a correct interpretation of your question?
>
> No, see my revised attempt.

Has there been any progress in documenting the format of these attributes?

Thanks,

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com



More information about the cifs-protocol mailing list