[cifs-protocol] Re: Trusted domains and NETLOGON

Andrew Bartlett abartlet at samba.org
Wed Oct 1 00:27:16 GMT 2008

On Tue, 2008-09-30 at 15:32 -0700, Andrew Bartlett wrote:
> In MS-NRPC it states:
> AccountName: A null-terminated Unicode string that identifies the name of the account that
>   contains the secret key (password) that is shared between the client and the server, as
>   specified in section 1.5.<157>
> windows behaviour note 157 then notes:
> <157> Section In Windows, all machine account names are the name of the machine
> with a "$" (dollar sign) appended.
> However when Windows 2003 joins as a trusted domain, it issues a ServerAuthenticate3 with 'Account Name == w2k3native.net.'
> (ie, no trailing $, and not a normal account)

So, what I'm looking for is what object in the directory should I
enquire of to find the password to use and how should I find it (ie,
search on what scope for what attribute, presumably without the trailing
dot).   I presume I'll have to find the trust account under cn=system,
but this is unclear.

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080930/39a21db7/attachment.bin

More information about the cifs-protocol mailing list