[cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

Bill Wesse billwe at microsoft.com
Fri Sep 25 12:06:33 MDT 2009 

Hi Andrew - I am sending this, as I have not received responses to my last several emails.

Please let me know if I have answered your questions satisfactorily; if so, I will consider the case resolved. Thanks for helping us improve our documentation.

Please note that I will archive / close the case early next week if I do not hear from you. We can reopen the case if there are any open issues!

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

-----Original Message-----
From: Bill Wesse 
Sent: Tuesday, September 22, 2009 8:18 AM
To: 'Andrew Bartlett'
Cc: 'cifs-protocol at samba.org'; 'pfif at tridgell.net'; 'Matthias Dieter Wallnöfer'
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

Hi Andrew - it was great talking to you at the SNIA SDC last week! I hope your trip back home wasn't too exhausting.

Please let me know if you have any continuing issues concerning OsVersion behavior.

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

-----Original Message-----
From: Bill Wesse 
Sent: Friday, September 11, 2009 7:37 AM
To: 'Andrew Bartlett'
Cc: 'cifs-protocol at samba.org'; 'pfif at tridgell.net'; 'Matthias Dieter Wallnöfer'
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

Good morning Andrew - just checking in to see if we have covered everything!


-----Original Message-----
From: Hongwei Sun
Sent: Wednesday, September 02, 2009 5:10 PM
To: 'Andrew Bartlett'; Bill Wesse
Cc: pfif at tridgell.net; cifs-protocol at samba.org; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

Andrew,

   We confirmed that Windows server 2008 and later systems addressed the problem by implementing validation of the DNSHostName and SPN in NetrLogonGetDomainInfo to enforce the same constraints as specified in section 3.1.1.5.3.1.1.2(dNSHostName) and 3.1.1.5.3.1.1.4(servicePrincipalName) in MS-ADTS.   Therefore you should follow these rules to match the Windows behaviors.

   Please let us know if you have further questions.

Thanks!

--------------------------------------------------------------------
Hongwei  Sun - Sr. Support Escalation Engineer DSC Protocol  Team, Microsoft hongweis at microsoft.com
Tel:  469-7757027 x 57027
---------------------------------------------------------------------

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Bill Wesse 
Sent: Friday, August 28, 2009 10:53 AM
To: 'Andrew Bartlett'
Cc: 'cifs-protocol at samba.org'; 'pfif at tridgell.net'; 'Matthias Dieter Wallnöfer'; Hongwei Sun
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

I will be out of the office on vacation, returning Monday, September 7. My colleague, Hongwei Sun will be your contact during my absence.

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Bill Wesse 
Sent: Friday, August 28, 2009 7:27 AM
To: 'Andrew Bartlett'
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

Thanks for the information Andrew; I have proposed we add additional NetrLogonGetDomainInfo coverage to our test suites.

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Thursday, August 27, 2009 5:44 PM
To: Bill Wesse
Cc: cifs-protocol at samba.org; pfif at tridgell.net; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)

On Wed, 2009-08-26 at 09:52 -0700, Bill Wesse wrote:
> Hello again Andrew - I have a 'short' answer for you.
> 
> Windows 2008 does the following additional checks:
> 
> 1. NETLOGON_WORKSTATION_INFO.DnsHostName and ComputerName match 
> appropriately (re: trailing '$' on ComputerName) 2. NETLOGON_WORKSTATION_INFO.DnsHostName suffix is checked against msDS-AllowedDNSSuffixes.
> 
> I can't at the moment be more complete, without exercising NetrLogonGetDomainInfo against 2000, 2003 and so on. I hesitate to attempt a description against code hand-checks, as it is just too easy to miss something.
> 
> Do you have any test software already configured to do that?

You could hack the GetDomainInfo test in smbtorture's RPC-NETLOGON.  We don't have anything that lets you set it arbitrarily from the command line (yet, I could write it).

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

More information about the cifs-protocol mailing list