[cifs-protocol] RE: 601628 RE: Mapping of MS-LSAD onto LDAP and DRS replications

Richard Guthrie rguthrie at microsoft.com
Wed Sep 3 13:37:43 GMT 2008


Andrew,

We have revised section 3.1.1.5 of MS-LSAD, as you suggested below, to contain:

1.) Links to LSA IDL definitions
2.) Cross-references to MS-ADTS sections related to the corresponding TDO discussion in section 7.1.6 of MS-ADTS.

I have attached a document (.doc and pdf formats) containing the updated section 3.1.1.5 from MS-LSAD that will be distributed in an upcoming documentation release.  Please let us know if you have any additional questions.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, August 12, 2008 10:51 PM
To: Richard Guthrie
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: 601628 RE: Mapping of MS-LSAD onto LDAP and DRS replications

On Tue, 2008-08-12 at 19:57 -0700, Richard Guthrie wrote:
> Andrew,
> We have completed our investigation of your request to include information linking the structures in the backing store for LSA with the MS-LSAD documents.  We have focused on the methods related to trusted domain operations.  The list of these methods can be found in section 3.1.4.7.  To summarize, all of these methods deal with various aspects of manipulating/querying Trusted Domain Objects as defined in section 7.1.6 of the MS-ADTS documentation.

I think we still have a fair way to go with this, but that at least provides some of the missing links.

I'll note that on further reading, much of what I'm after can actually be answered pretty simply - if the table in MS-LSAD 3.1.1.5 and MS-ADTS 7.1.6.7 were combined.

But as to your response, as a start, I'll pick on:

> 3.)    InformationClass == TrustedPasswordInformation
> LSAPR_TRUSTED_PASSWORD_INFO (MS-LSAD section 2.2.46) This can be any
> of the stored secret objects on the TDO such as TrustAuthIncoming and
> TrustAuthOutgoing (MS-ADTS section 7.1.6.7.10 and 7.1.6.7.11)

So (and this in part relates to my broader question), what is the link between G$$<trustedomainname> secrets and trustAuthIncoming?  Please specify to the extent that given an LDAP database, possibly containing such trust objects, I could both set and query these values, with this call and with the secrets calls.

Thanks,

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MS-LSAD update to section 3.1.1.5.doc
Type: application/msword
Size: 38912 bytes
Desc: MS-LSAD update to section 3.1.1.5.doc
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080903/89f48a1b/MS-LSADupdatetosection3.1.1.5-0001.doc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MS-LSAD update to section 3.1.1.5.pdf
Type: application/pdf
Size: 60055 bytes
Desc: MS-LSAD update to section 3.1.1.5.pdf
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080903/89f48a1b/MS-LSADupdatetosection3.1.1.5-0001.pdf

