[cifs-protocol] RE: Trusted domains and NETLOGON

John Dunning johndun at microsoft.com
Tue Sep 30 23:08:37 GMT 2008


Hello Andrew,
   I wanted to let you know that I had received this request. Myself or one of my teammates will look into this issue and get back to you as soon as possible.

Thanks
John Dunning
Senior Escalation Engineer Microsoft Corporation
US-CSS DSC PROTOCOL TEAM
Email: johndun at microsoft.com
Tele: (469)775-7008



-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, September 30, 2008 5:28 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Trusted domains and NETLOGON

In MS-NRPC 3.5.4.3.2 it states:
AccountName: A null-terminated Unicode string that identifies the name of the account that
  contains the secret key (password) that is shared between the client and the server, as
  specified in section 1.5.<157>

windows behaviour note 157 then notes:

<157> Section 3.5.4.3.2: In Windows, all machine account names are the name of the machine with a "$" (dollar sign) appended.

However when Windows 2003 joins as a trusted domain, it issues a ServerAuthenticate3 with 'Account Name == w2k3native.net.'

(ie, no trailing $, and not a normal account)

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.


More information about the cifs-protocol mailing list