[cifs-protocol] [REG:117121117297259] Missing and duplicate rightGuid values for Extended Rights
Edgar Olougouna
edgaro at microsoft.com
Fri Dec 15 21:04:38 UTC 2017
Andrew,
I have spent some time investigating this further and have split this in two cases. Please expect another email thread to address the second portion of your request. Please read through for a status update on the first portion.
SR 117121517332882 [MS-ADTS] dNSHostName's schemaIdGuid used for attributeSecurityGuid or rightsGUID in other attributes
Verbatim:
72E39547-7B18-11D1-ADEF-00C04FD8D5CD is documented as a rightsGuid for DNS-Host-Name Attributes and for Validated-DNS-Host-Name.
Can you please shed some light on what is going on here?
I will use the current SR 117121117297259 to focus on [MS-ADTS]: 3.1.1.2.3.3 Missing attributeSecurityGuid values not defined for property sets
My investigation so far showed that the following three values of attributeSecurityGuid are not listed in the table of property sets in [MS-ADTS] 3.1.1.2.3.3 Property Set https://msdn.microsoft.com/en-us/library/cc223204.aspx
I have filed a document bug and will let you as soon as I have an update.
Guid-1:
[MS-ADA1]
domainWidePolicy has:
attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
eFSPolicy has:
attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
[MS-ADA3]
publicKeyPolicy has:
attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
Guid-2:
[MS-ADA1]
domainPolicyReference has
attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
[MS-ADA2]
machinePasswordChangeInterval has
attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
Guid-3:
[MS-ADA1]
localPolicyReference has
attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
[MS-ADA2]
machineWidePolicy has
attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
[MS-ADA3]
qualityOfService has
attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
Thanks,
Edgar
-----Original Message-----
From: Edgar Olougouna
Sent: Monday, December 11, 2017 10:01 AM
To: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org
Cc: MSSolve Case Email <casemail at corp.microsoft.com>
Subject: RE: [REG:117121117297259] Missing and duplicate rightGuid values for Extended Rights
Hello Andrew,
I will investigate this and follow-up once I have an update.
Thanks,
Edgar
-----Original Message-----
From: Bryan Burgin
Sent: Sunday, December 10, 2017 9:48 PM
To: Andrew Bartlett <abartlet at samba.org>; cifs-protocol at lists.samba.org
Cc: MSSolve Case Email <casemail at corp.microsoft.com>
Subject: [REG:117121117297259] Missing and duplicate rightGuid values for Extended Rights
[dochelp to bcc]
[+casemail]
Hi Andrew,
Thank you for your question. We created SR 117121117297259 to track this issue. An engineer from the protocols team will contact you soon.
Bryan
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Sunday, December 10, 2017 4:09 PM
To: cifs-protocol at lists.samba.org; Interoperability Documentation Help <dochelp at microsoft.com>
Subject: Missing and duplicate rightGuid values for Extended Rights
While working to re-construct the validAccesses value that is not provides in MS-ATDS explicitly, I've been using the references elsewhere in the docs and cross-referencing things.
This has shown up some puzzling things. I noticed that these GUIDs
domainWidePolicy has:
attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
domainPolicyReference has
attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
localPolicyReference has
attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
However these are not listed in 3.1.1.2.3.3 Property Set
Also, 72E39547-7B18-11D1-ADEF-00C04FD8D5CD is documented as a rightsGuid for DNS Host Name Attributes and for Validated-DNS-Host- Name.
Can you please shed some light on what is going on here?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://na01.safelinks.protection.outlook.com/?url=https:%2F%2Fsamba.org%2F~abartlet%2F&data=04%7C01%7Cdochelp%40windows.microsoft.com%7C7b016232190e47715e5308d5402b6c6b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636485477621680836%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=vmSag1YR50ixX5Wspi1tixMKNzYuepYd6vRSc7%2F44o4%3D&reserved=0
Authentication Developer, Samba Team https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org&data=04%7C01%7Cdochelp%40windows.microsoft.com%7C7b016232190e47715e5308d5402b6c6b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636485477621680836%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=ZLQ9k3l8SdO%2Be9EWGa6KVqFKEv2hUdrftS7BZ87VqPc%3D&reserved=0
Samba Development and Support, Catalyst IT
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fservices%2Fsamba&data=04%7C01%7Cdochelp%40windows.microsoft.com%7C7b016232190e47715e5308d5402b6c6b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636485477621680836%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=8IlllTcWecwvClCKBN1TsX09nU9fwT%2BVOyfBEyfvkww%3D&reserved=0
More information about the cifs-protocol
mailing list