[cifs-protocol] RE: Trusted domains and NETLOGON

John Dunning johndun at microsoft.com
Tue Sep 30 23:08:37 GMT 2008

Hello Andrew,
   I wanted to let you know that I had received this request. Myself or one of my teammates will look into this issue and get back to you as soon as possible.

John Dunning
Senior Escalation Engineer Microsoft Corporation
Email: johndun at microsoft.com
Tele: (469)775-7008

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, September 30, 2008 5:28 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Trusted domains and NETLOGON

In MS-NRPC it states:
AccountName: A null-terminated Unicode string that identifies the name of the account that
  contains the secret key (password) that is shared between the client and the server, as
  specified in section 1.5.<157>

windows behaviour note 157 then notes:

<157> Section In Windows, all machine account names are the name of the machine with a "$" (dollar sign) appended.

However when Windows 2003 joins as a trusted domain, it issues a ServerAuthenticate3 with 'Account Name == w2k3native.net.'

(ie, no trailing $, and not a normal account)

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list