[cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)
billwe at microsoft.com
Fri Aug 28 05:27:09 MDT 2009
Thanks for the information Andrew; I have proposed we add additional NetrLogonGetDomainInfo coverage to our test suites.
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, August 27, 2009 5:44 PM
To: Bill Wesse
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)
On Wed, 2009-08-26 at 09:52 -0700, Bill Wesse wrote:
> Hello again Andrew - I have a 'short' answer for you.
> Windows 2008 does the following additional checks:
> 1. NETLOGON_WORKSTATION_INFO.DnsHostName and ComputerName match
> appropriately (re: trailing '$' on ComputerName) 2. NETLOGON_WORKSTATION_INFO.DnsHostName suffix is checked against msDS-AllowedDNSSuffixes.
> I can't at the moment be more complete, without exercising NetrLogonGetDomainInfo against 2000, 2003 and so on. I hesitate to attempt a description against code hand-checks, as it is just too easy to miss something.
> Do you have any test software already configured to do that?
You could hack the GetDomainInfo test in smbtorture's RPC-NETLOGON. We don't have anything that lets you set it arbitrarily from the command line (yet, I could write it).
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the cifs-protocol