[cifs-protocol] RE: LSA and trusted domains overview (SRX080902600070)
Andrew Bartlett
abartlet at samba.org
Sun Nov 9 23:05:54 GMT 2008
On Fri, 2008-11-07 at 09:05 -0800, Bill Wesse wrote:
> Good morning again Andrew. I have (once again) attached the latest
> copy of the document. This document will not be part of the protocol
> documentation set.
>
> Aside from the unencrypted versions of the network frames in the
> document (which I will get to as soon as I can), I would like to know
> if I have answered all of your questions - and where I may have missed
> the target.

Sadly, this is way off target. I meant it when I said it was a good
start - this is the first chapter, not the complete reference.

A trusted domain relationship exists to be used - I need to have a clear
overview of how authentication and other information flows between
trusted domains. Is DRS synchronisation used? How is it used and
between what trust types? How does a domain know which other domain to
contact about an attempted login with a user principal name? How are
the transitive trust relationships followed to allow access to a
resource in some far-away domain? When a user (from a trusted domain)
is added to a security descriptor, how is that name resolved? What
purpose does the global catalog take in trusted domain environments and
how is it consulted when dealing with inter-forest trusts?

These are just some of the questions I would expect an overview of
trusted domains to show (with links to the explicit details of calls,
but 200 pages of packet captures isn't a substitute for real detail).

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.