Todo list

Michel michel at
Tue Feb 10 17:02:23 GMT 1998

What about domain trust relationships ?

 Michel van der Laan	-	michel at
In your mail from 10-2-1998 you write:
> I thought I'd try and enumerate some of the things that need
> doing and hopefully get some volunteers to look into them,
> or at least provide comments and pointers on them.
> 1. A FAQ - There's Luke's home page and some other docs in
>    samba/docs to be used as a start, but it would be nice
>    if it was all pulled together to start a regularly
>    posted FAQ to this list.
> 2. PDC-BDC replication
>    We know that all the sensitive parts of the protocol are
>    encrypted with a known RC4 key, but there are quite a
>    few RPCs that need investigating and implementing for
>    PDC-BDC replication (which may also apply to general
>    replication). These include NetDatabaseSync2() and
>    NetDatabaseDeltas(), plus some named pipe netbios
>    "announce change to uas or sam" stuff.
> 3. Password changing. There seems to be dozens of ways to
>    do this and the various mechanisms are documented in
>    some of the cifs documents, microsoft ppp chap extensions,
>    and other places. NetServerPasswordSet() should be an
>    easy one that we haven't got around to yet. The nice
>    one to have would be the CTRL-ALT-DEL password change
>    one as that provides a plaintext password to the server
>    in order that it can be quality checked. Decoding that
>    one means that we can synchonise password databases
>    with /etc/passwd providing the password is changed on
>    the NT machine.
> 4. Web front ends to configuration management data. Until
>    the whole protocol is implemented, it would be easier
>    having a front end to new workstation creation,
>    password changing, etc., so that RPCs for user manager
>    for domains and others don't all have to be implemented
>    (plus you get to be able to admin from Unix/Mac/win3.1).
> 5. Printing. As Luke pointed out, the whole of the spoolss
>    named pipe subsystem needs to be implemented. This is
>    quite a job. It would be nice to do so that printer
>    drivers can be downloaded to workstations as in 95's
>    PRINTER$ system (I'm assuming NT does this with RPCs).
> 6. Other subsystems. MS netmon lists R_DRSUAPI, R_INTERNET,
>    R_WINSIF, R_WINSPOOL as MSRPC services. It would be
>    useful documenting to what extent each is known about,
>    what exports (dumpbin/exports, quickview) are in the
>    associated DLLs, etc.
> winobj and nthandleex give you
>    interesting info on which process is handling which
>    named pipe, i.e. winlogon has the winreg named pipe
>    open.
> 7. Tools. A description of the various tools that can be
>    used to examine NT and network traffic and lists of
>    resources with information. e.g. netmon, sourcer,
>    softice,, msdn, nt resource kit.
>    For people more comfortable debugging Unix, did you
>    know that the AT&T port of the NT domain control
>    system is called Advanced Server for Unix, and the
>    SCO version of this (AFPS) can be obtained for $20
>    as part of their educational and personal releases
>    of Unixware?
> 8. Migration utilities. "How to migrate from your legacy
>    NT server to Samba" :-). A step by step process on
>    extracting the domain SID, user information with
>    pwdump or pwdump2 (Todd Sabin's program that extracts
>    password hashes even after SYSKEY has been installed
>    by injecting a DLL into lsass.exe) and how to
>    structure this into smb.conf.
> Anything else people would like to see?
> Any comments?
> Any volunteers?
> Cheers,
> Paul

More information about the samba-ntdom mailing list