[cifs-protocol] Re: Trusted domains and NETLOGON

Andrew Bartlett abartlet at samba.org
Wed Oct 1 00:27:16 GMT 2008


On Tue, 2008-09-30 at 15:32 -0700, Andrew Bartlett wrote:
> In MS-NRPC 3.5.4.3.2 it states:
> AccountName: A null-terminated Unicode string that identifies the name of the account that
>   contains the secret key (password) that is shared between the client and the server, as
>   specified in section 1.5.<157>
> 
> Windows behaviour note 157 then notes:
> 
> <157> Section 3.5.4.3.2: In Windows, all machine account names are the name of the machine
> with a "$" (dollar sign) appended.
> 
> However when Windows 2003 joins as a trusted domain, it issues a ServerAuthenticate3 with 'Account Name == w2k3native.net.'
> 
> (i.e., no trailing $, and not a normal account)

So, what I'm looking for is what object in the directory should I
enquire of to find the password to use and how should I find it (i.e.,
search on what scope for what attribute, presumably without the trailing
dot). I presume I'll have to find the trust account under cn=system,
but this is unclear.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
