[cifs-protocol] RE: CreateTrustedDomainEX blob incorrect

Richard Guthrie rguthrie at microsoft.com
Wed Oct 22 19:03:47 GMT 2008

Andrew we have completed our investigation into LSAPR_TRUSTED_DOMAIN_AUTH_BLOB section 2.2.58 of MS-LSAD.  We have updated the documentation to reflect that previous authentication may not be present in the incoming AuthBlob data.  I have attached a document that contains the two updated sections with highlighted changes.  Please ignore the "Error bookmark not defined" messages in the PDF.  The correct link is displayed in the .docx file.

Please let us know if you have further questions.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, September 30, 2008 5:45 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: CreateTrustedDomainEX blob incorrect


The table includes:

Array of LSAPR_AUTH_INFORMATION [1...count]
     (outgoing previous authentication info)

However, the attached blob, captured from Windows 2003 trying to join
Samba4 as a trusted domain shows that the previous password is not part of the structure.

The IDL for the parser we use is at:

(Discussed with Richard)

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MS-LSAD SRX080930601763.zip
Type: application/x-zip-compressed
Size: 153611 bytes
Desc: MS-LSAD SRX080930601763.zip
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20081022/343486ca/MS-LSADSRX080930601763-0001.bin

More information about the cifs-protocol mailing list