[cifs-protocol] format of password attributes in AD
rguthrie at microsoft.com
Mon Jun 23 20:00:53 GMT 2008
We are working to get you and answer for the entire table as you requested. At this time I don't have an ETA for completion but I will update you by the end of the week, regardless of whether I have a complete answer or not.
I did want to ask you if this link to the MS-SAMR document gives you the information you need with regard to the supplementalCredentials attribute http://msdn.microsoft.com/en-us/library/cc245499.aspx?
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2"
Tel: +1 469 775 7794
E-mail: rguthrie at microsoft.com
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, June 22, 2008 10:44 PM
To: Richard Guthrie
Cc: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: RE: [cifs-protocol] format of password attributes in AD
On Sat, 2008-06-14 at 22:55 +1000, Andrew Bartlett wrote:
> On Thu, 2008-06-12 at 08:38 -0700, Richard Guthrie wrote:
> > Andrew,
> > I wanted to ensure I understand your question so please validate the following:
> > The MS-ADTS document, section 126.96.36.199.4 Extended Access checks is
> > missing information that describes the format of the attributes
> > listed in the table. Your question relates to syncing these
> > attributes via Directory Replication as described in MS-DRSR. The
> > table indicates "Access is never granted." What is the format of
> > these attributes when synced via DRS?
> The MS-ADTS document, section 188.8.131.52.4 Extended Access checks lists
> attributes over which "Access is never granted.". Naturally this
> makes them harder to inspect to determine their format. What is the
> format of these attributes when synced via DRS (which does permit their access)?
> I'm picking on this table because almost all these attributes listed
> here as 'access is never granted' are in some way complex in their
> representation (because they deal with passwords and similar
> information), but most (all?) are described simply as 'octect string'
> in the documentation.
> > Is this a correct interpretation of your question?
> No, see my revised attempt.
Has there been any progress in documenting the format of these attributes?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
More information about the cifs-protocol