[cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC (SRX090727600015)
Andrew Bartlett
abartlet at samba.org
Fri Sep 25 12:33:32 MDT 2009
On Wed, 2009-09-02 at 22:09 +0000, Hongwei Sun wrote:
> Andrew,
>
> We confirmed that Windows server 2008 and later systems addressed the problem by implementing validation of the DNSHostName and SPN in NetrLogonGetDomainInfo to enforce the same constraints as specified in section 3.1.1.5.3.1.1.2(dNSHostName) and 3.1.1.5.3.1.1.4(servicePrincipalName) in MS-ADTS. Therefore you should follow these rules to match the Windows behaviors.
>
> Please let us know if you have further questions.
Did we determine earlier that these updates occur regardless of the
access control on the object (confirmed with AD Dev team, but I don't
think it's in the docs).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090925/a1e05044/attachment-0001.pgp>
More information about the cifs-protocol
mailing list