SAMR x3e opcode in AD machine join
Anthony Liguori
aliguor at us.ibm.com
Mon Aug 5 08:01:02 GMT 2002
When a WinXP client joins an AD domain, one of the new RPC calls that
appears is a SAMR x3e call. The call appears right before any other SAMR
call (EnumDomains, LookupDomain, OpenDomain, etc.) and returns a policy
handle and NTSTATUS code. The call takes a UNISTR2 (that's typically
"\\DC" either NETBIOS or dns name depending on what is specified when
joining the domain) and what appears to be an ACCESS_MASK.
This function behaves exactly as one would expect a SamrConnect call to
behave even though SamrConnect is already implemented with opcode x39. The
call has to be some varient of SamrConnect because no call to SamrConnect
is made before the other Samr calls to obtain to policy handle. One
possibility is that its a different version of SamrConnect perhaps with
different flags for the ACCESS_MASK parameter.
Another possibility is that it is the SamrIConnect call. On WinXP, dumping
the exports from samsrv.dll will reveal a bunch of SamrIxxx calls. At
first, I thought they may just be internal versions of the call (the
regular Samr calls might just stub to the SamrI call) but SamrConnect
never actually calls SamrIConnect. Perhaps there are new versions of some
of the Samr calls that are now used in Win2k prefixed with SamrI.
Any ideas?
Anthony Liguori
IBM Extreme Blue / Active Blue Directory
aliguor at us.ibm.com
(512) 838-1208
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the samba-technical
mailing list