[cifs-protocol] RE: SRX080909600334: [MS-APDS] Backing store and policy application information

Bill Wesse billwe at microsoft.com
Fri Sep 19 16:30:02 GMT 2008


Good morning again Andrew. I am near to completion with my investigation, and expect to provide you with the results for your review on Monday.

Once we are at the point of having the necessary information, I will file appropriate documentation change requests.

Regards,
Bill Wesse
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

From: Bill Wesse
Sent: Tuesday, September 09, 2008 12:37 PM
To: 'abartlet at samba.org'
Cc: 'pfif at tridgell.net'; 'cifs-protocol at samba.org'
Subject: SRX080909600334: [MS-APDS] Backing store and policy application information

Good morning Andrew! I have just taken ownership of this case from my colleague, Edward, since it is closely related to several other cases I am working for you.

I expect to begin work on this tomorrow, and will advise you of progress as soon as possible.

==============================================================================
Question
==============================================================================
I have previously asked for information to be added to MS-NRPC to detail the currently abstract backing store for user and trust accounts.
However, it happens that the normal SamLogon processing is mostly described in MS-APDS (for some reason).

What I'm looking for is a specific description of what attributes (unicodePwd, dbcsPwd) are used for validating the password, what attributes (pwdLastSet, userAccountControl etc) are used (and how they are used) to check policy and then what attributes are used to construct the NETLOGON_VALIDATION_SAM_INFO4.

I need this because I must construct the same reply as a Microsoft DC that I might share a domain using DRS replication with.

The current text in 3.1.5.1 is:

> The domain controller MUST compare the local copy of the password to the one sent in the request.
> If there is a successful match, the domain controller MUST return data
> with ValidationInformation containing either a reference to
> NETLOGON_VALIDATION_SAM_INFO4 ([MS-NRPC] section 3.5.4.4.1), if the
> ValidationLevel in the request is NetlogonValidationSamInfo4 or a
> reference to
> NETLOGON_VALIDATION_SAM_INFO2 ([MS-NRPC] section 3.5.4.4.1), if the
> ValidationLevel in the request is NetlogonValidationSamInfo2). If
> there is not a match, the DC MUST return the failure error code
> STATUS_WRONG_PASSWORD (section 2.2) with no response data.<15>

(Just to put this into context, this needs a long-term answer and doc change, not a 'hot fix').
==============================================================================


Regards,
Bill Wesse
