[cifs-protocol] [MS-LSAD] Are TGT Delegation flags evaluated if Cross Org flag not present - TrackingID#2503210040010018
Sreekanth Nadendla
srenaden at microsoft.com
Fri Mar 28 18:46:33 UTC 2025
Hello Stefan, both of these flags will be evaluated even if TRUST_ATTRIBUTE_CROSS_ORGANIZATION ( 0x00000010 ) is not present.
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
________________________________
From: Jeff McCashland (He/him)
Sent: Friday, March 21, 2025 12:51 PM
To: Stefan Metzmacher
Cc: cifs-protocol at lists.samba.org; Microsoft Support
Subject: [MS-LSAD] Are TGT Delegation flags evaluated if Cross Org flag not present - TrackingID#2503210040010018
[DocHelp to BCC, support on CC, SR ID in Subject]
Hi Stefan,
This is the second email thread for the second part of your questions. We have created SR 2503210040010018 to track this question. One of our engineers will respond soon.
"I'm also wondering if TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION ( 0x00000200 )
and TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION are still evaluated
even if LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION ( 0x00000010 ) is not present."
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
________________________________
From: Stefan Metzmacher
Sent: Friday, March 21, 2025 7:24 AM
To: Interoperability Documentation Help
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION is only defined in MS-KILE, but not MS-LSAD
Hi DocHelp,
I'm wondering why TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION is only documented
in MS-KILE, but not in MS-LSAD.
I'm wondering if the value 0x00000800 is the correct one?
I'm also wondering if TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION ( 0x00000200 )
and TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION are still evaluated
even if LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION ( 0x00000010 ) is not present.
Thanks!
metze
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20250328/e299cbcb/attachment.htm>
More information about the cifs-protocol
mailing list