michel at nijenrode.nl
Tue Feb 10 17:02:23 GMT 1998
What about domain trust relationships ?
Michel van der Laan - michel at nijenrode.nl
In your mail from 10-2-1998 you write:
> I thought I'd try and enumerate some of the things that need
> doing and hopefully get some volunteers to look into them,
> or at least provide comments and pointers on them.
> 1. A FAQ - There's Luke's home page and some other docs in
> samba/docs to be used as a start, but it would be nice
> if it was all pulled together to start a regularly
> posted FAQ to this list.
> 2. PDC-BDC replication
> We know that all the sensitive parts of the protocol are
> encrypted with a known RC4 key, but there are quite a
> few RPCs that need investigating and implementing for
> PDC-BDC replication (which may also apply to general
> replication). These include NetDatabaseSync2() and
> NetDatabaseDeltas(), plus some named pipe netbios
> "announce change to uas or sam" stuff.
> 3. Password changing. There seems to be dozens of ways to
> do this and the various mechanisms are documented in
> some of the cifs documents, microsoft ppp chap extensions,
> and other places. NetServerPasswordSet() should be an
> easy one that we haven't got around to yet. The nice
> one to have would be the CTRL-ALT-DEL password change
> one as that provides a plaintext password to the server
> in order that it can be quality checked. Decoding that
> one means that we can synchonise password databases
> with /etc/passwd providing the password is changed on
> the NT machine.
> 4. Web front ends to configuration management data. Until
> the whole protocol is implemented, it would be easier
> having a front end to new workstation creation,
> password changing, etc., so that RPCs for user manager
> for domains and others don't all have to be implemented
> (plus you get to be able to admin from Unix/Mac/win3.1).
> 5. Printing. As Luke pointed out, the whole of the spoolss
> named pipe subsystem needs to be implemented. This is
> quite a job. It would be nice to do so that printer
> drivers can be downloaded to workstations as in 95's
> PRINTER$ system (I'm assuming NT does this with RPCs).
> 6. Other subsystems. MS netmon lists R_DRSUAPI, R_INTERNET,
> R_LOGON, R_LSARPC, R_REMOTEAUTO, R_RXDS, R_SRVSVC,
> R_WINSIF, R_WINSPOOL as MSRPC services. It would be
> useful documenting to what extent each is known about,
> what exports (dumpbin/exports, quickview) are in the
> associated DLLs, etc.
> www.ntinternals.com winobj and nthandleex give you
> interesting info on which process is handling which
> named pipe, i.e. winlogon has the winreg named pipe
> 7. Tools. A description of the various tools that can be
> used to examine NT and network traffic and lists of
> resources with information. e.g. netmon, sourcer,
> softice, www.ntinternals.com, msdn, nt resource kit.
> For people more comfortable debugging Unix, did you
> know that the AT&T port of the NT domain control
> system is called Advanced Server for Unix, and the
> SCO version of this (AFPS) can be obtained for $20
> as part of their educational and personal releases
> of Unixware?
> 8. Migration utilities. "How to migrate from your legacy
> NT server to Samba" :-). A step by step process on
> extracting the domain SID, user information with
> pwdump or pwdump2 (Todd Sabin's program that extracts
> password hashes even after SYSKEY has been installed
> by injecting a DLL into lsass.exe) and how to
> structure this into smb.conf.
> Anything else people would like to see?
> Any comments?
> Any volunteers?
More information about the samba-ntdom