svn commit: lorikeet r81 - in trunk/samba4-ad-thesis: .

abartlet at samba.org
Mon Sep 27 23:14:25 GMT 2004


Author: abartlet
Date: 2004-09-27 23:14:25 +0000 (Mon, 27 Sep 2004)
New Revision: 81

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/samba4-ad-thesis&rev=81&nolog=1

Log:
Start to comment on LDAP and DRSUAPI.

Andrew Bartlett

Modified:
   trunk/samba4-ad-thesis/chapters.lyx


Changeset:
Modified: trunk/samba4-ad-thesis/chapters.lyx
===================================================================
--- trunk/samba4-ad-thesis/chapters.lyx	2004-09-27 00:11:38 UTC (rev 80)
+++ trunk/samba4-ad-thesis/chapters.lyx	2004-09-27 23:14:25 UTC (rev 81)
@@ -237,7 +237,12 @@
 
 These calls are not documented, and while the basic transport is DCE/RPC,
  and documents and a reference implementation are available from the Open
- Group, this does not address the individual calls that the client will
+ Group
+\begin_inset LatexCommand \citet{opengroupdce}
+
+\end_inset 
+
+, this does not address the format of individual calls that the client will
  make.
 \layout Standard
 
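Review bot: The new citation inset after "Group" uses \citet, the textual citation form, which prints the author name itself, so the sentence is likely to render as "the Open Group Open Group ..." with the name doubled. Either switch to a parenthetical citation (\citep) or drop the literal "Group" wording and let the citation supply the name. The key opengroupdce is also not defined anywhere in this change, which only touches chapters.lyx, so check that the bibliography entry already exists.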
@@ -1540,7 +1545,7 @@
 
 \layout Subsection
 
-DCE-RPC
+DCE-RPC over CIFS
 \layout Standard
 
 
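Review bot: The renamed heading "DCE-RPC over CIFS" keeps the hyphenated spelling, while the body text in the first hunk writes "DCE/RPC". Pick one form and use it throughout the chapter, headings included, so the transport is not read as two different things.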
@@ -1681,16 +1686,31 @@
 
 \layout Subsection
 
-LDAP
+Modifying the servicePrincipalNames
 \layout Standard
 
 Up until this point, the join process is very much like that to a Samba
- or NT4 server, however the client soon changes the problem drastically,
- by making a call to the LDAP server, presumed to be operating on the same
- Domain Controller.
- Combined with yet more DCE-RPC calls, this time to the DRSUAPI service,
- the client uses LDAP to modify the Kerberos service principal names associated
- with the machine account.
+ or NT4 server, and can be implemented without many changes to an existing
+ codebase.
+ However, the client soon changes the problem drastically, by making a call
+ to the LDAP server, which it presumes to be operating on the same Domain
+ Controller.
+ Combined with yet more DCE-RPC calls, this time to the DRSUAPI (Directory
+ Replicaiton Service) endpoint, the client uses LDAP to modify the Kerberos
+ service principal names associated with the machine account.
+\layout Standard
+
+This series of calls is interesting for a number of reasons, but particularly
+ because of the implementation challenges it causes.
+\layout Subsubsection*
+
+LDAP Bind
+\layout Standard
+
+The LDAP protocol consists of a connect, and optionally a bind (authenticate
+ request) as a particular user.
+ In the case of Active Directory, the bind uses SASL/GSS-SPNEGO/GSS-KRB5
+ to authenticated the user.
 \layout Part
 
 Implementation
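Review bot: Two typos in the added text: "Replicaiton" in the DRSUAPI expansion should be "Replication", and "to authenticated the user" in the LDAP Bind paragraph should be "to authenticate the user". In the same paragraph, "SASL/GSS-SPNEGO/GSS-KRB5" is given as a bare slash chain; a sentence saying which layer wraps which would help a reader who does not already know the stack. The paragraph introducing the subsection says the calls are interesting "for a number of reasons" but only names the implementation challenges, so either list the other reasons or cut the phrase.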


