[cifs-protocol] Is MS-ADTS DL_DRSGetMemberships correct for workstation trust accounts?
Andrew Bartlett
abartlet at samba.org
Sun Nov 23 21:32:13 MST 2014
In MS-ADTS 4.1.8.3 Server Behavior of the IDL_DRSGetMemberships Method
It has this in the pseudocode:
if((u!userAccountControl & ADS_UF_WORKSTATION_TRUST_ACCOUNT =
ADS_UF_WORKSTATION_TRUST_ACCOUNT) or
(u!userAccountControl & ADS_UF_PARTIAL_SECRETS_ACCOUNT =
ADS_UF_PARTIAL_SECRETS_ACCOUNT))
wSet := wSet + GetDSNameOfEnterpriseRODCsGroup()
endif
I'm curious about the 'or' in the middle of the if statement. Shouldn't
it be an 'and', because you only want to put the object in the
EnterpriseRODCs Group if it is both a workstation trust account, and a
partial secrets account (otherwise, all workstations would be in it)?
Thanks,
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
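
The two readings of the condition discussed in the message above, evaluated over a few accounts. This is an added example, not part of the original post and not Samba or Microsoft code. The flag values are the publicly documented userAccountControl bits; the account names, their flag combinations and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* userAccountControl bits as publicly documented for Active Directory. */
#define ADS_UF_NORMAL_ACCOUNT            0x00000200u
#define ADS_UF_WORKSTATION_TRUST_ACCOUNT 0x00001000u
#define ADS_UF_SERVER_TRUST_ACCOUNT      0x00002000u
#define ADS_UF_PARTIAL_SECRETS_ACCOUNT   0x04000000u

struct account { const char *name; uint32_t uac; };

/* Constructed sample accounts (assumption), not taken from a real directory. */
static const struct account samples[] = {
    { "alice (user)",        ADS_UF_NORMAL_ACCOUNT },
    { "WKSTN01$ (member)",   ADS_UF_WORKSTATION_TRUST_ACCOUNT },
    { "DC01$ (writable DC)", ADS_UF_SERVER_TRUST_ACCOUNT },
    { "RODC01$ (RODC)",      ADS_UF_WORKSTATION_TRUST_ACCOUNT |
                             ADS_UF_PARTIAL_SECRETS_ACCOUNT },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

static int has_all(uint32_t uac, uint32_t bits) { return (uac & bits) == bits; }

/* Condition as quoted from the pseudocode: either flag is enough. */
int adds_group_or(uint32_t uac) {
    return has_all(uac, ADS_UF_WORKSTATION_TRUST_ACCOUNT) ||
           has_all(uac, ADS_UF_PARTIAL_SECRETS_ACCOUNT);
}

/* Condition as proposed in the question: both flags are required. */
int adds_group_and(uint32_t uac) {
    return has_all(uac, ADS_UF_WORKSTATION_TRUST_ACCOUNT) &&
           has_all(uac, ADS_UF_PARTIAL_SECRETS_ACCOUNT);
}

/* Count the sample accounts that would get the Enterprise RODCs group. */
size_t count_matches(int (*pred)(uint32_t)) {
    size_t n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (pred(samples[i].uac)) n++;
    return n;
}

int main(void) {
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-20s uac=0x%08x  or=%d  and=%d\n", samples[i].name,
               (unsigned)samples[i].uac, adds_group_or(samples[i].uac),
               adds_group_and(samples[i].uac));
    return 0;
}
```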