Microsoft Dfs root description in AD

Shirish Kalele kalele at veritas.com
Thu Apr 24 17:57:22 GMT 2003 

Antti,

Try tracing the network traffic when a freshly booted Win2K client tries
to map and then browse a fault-tolerant dfs root. The three entities you
should trace are the client, the DC, and a server hosting one of the dfs
links. Use the cmd window for minimal traffic (since explorer generates a
lot of superfluous traffic). That trace would give us a definite idea of
how the client goes about navigating such a dfs tree. That might give some
context to the information you have below.

Also, smbclient doesn't even browse normal non-fault-tolerant dfs trees
yet (such as the ones hosted by samba). This is something that would need
to be done before even attempting to get it to browse an AD dfs tree.

Hope this helps,
Shirish

On Thu, 24 Apr 2003, Antti Tikkanen wrote:

>On Tue, 22 Apr 2003, Antti Tikkanen wrote:
>
>> Hi all,
>>
>> Has anyone given any effort in examining the Dfs root descriptions stored
>> in Active Directory. I think the required information is stored in
>> somewhere close to:
>>
>>   dn: CN=dfs,CN=Dfs-Configuration,CN=System,DC=my,DC=domain,DC=com
>>
>> More precisely, the attribute pKT contains the root description I think?
>> I gather no specification on this has been published by Microsoft? Does
>> anyone have any pointers as to where I could start?
>>
>> The reason I'm digging into this is that I would like smbclient to have
>> seamless access to my Windows 2000 fileservers.
>
>Answering to myself, I should probably take no other answers to mean that
>no research has been done on this?
>
>My W2k domain's pKT looks like this:
>
>0000000: 0100 0000 1500 0000 1600 5c00 6400 6f00  ..........\.d.o.
>0000010: 6d00 6100 6900 6e00 7200 6f00 6f00 7400  m.a.i.n.r.o.o.t.
>0000020: c600 0000 c10b 649a dc21 f740 9009 b74b  ......d..!. at ...K
>0000030: 0a24 7f0c 1000 5c00 5700 4900 4e00 5c00  .$....\.W.I.N.\.
>0000040: 6400 6600 7300 1000 5c00 5700 4900 4e00  d.f.s...\.W.I.N.
>0000050: 5c00 6400 6600 7300 8100 0000 0100 0000  \.d.f.s.........
>0000060: 0000 70a7 e735 2a02 c001 70a7 e735 2a02  ..p..5*...p..5*.
>0000070: c001 70a7 e735 2a02 c001 0300 0000 5c00  ..p..5*.......\.
>0000080: 0000 0200 0000 2600 0000 10a3 fa81 e30c  ......&.........
>0000090: c001 0200 0000 0100 0000 0c00 4300 4300  ............C.C.
>00000a0: 4400 4300 3000 3200 0600 6400 6600 7300  D.C.0.2...d.f.s.
>00000b0: 2600 0000 70a7 e735 2a02 c001 0200 0000  &...p..5*.......
>00000c0: 0100 0000 0c00 4300 4300 4400 4300 3000  ......C.C.D.C.0.
>00000d0: 3100 0600 6400 6600 7300 0000 0000 0400  1...d.f.s.......
>00000e0: 0000 0000 0000 2c01 0000 5800 5c00 6400  ......,...X.\.d.
>00000f0: 6f00 6d00 6100 6900 6e00 7200 6f00 6f00  o.m.a.i.n.r.o.o.
>0000100: 7400 5c00 3800 4400 4400 4200 4500 4600  t.\.8.D.D.B.E.F.
>0000110: 4300 3400 3700 3900 4600 3800 3500 3800  C.4.7.9.F.8.5.8.
>0000120: 3400 3300 4200 3600 3600 3300 4600 3000  4.3.B.6.6.3.F.0.
>0000130: 3300 4600 3100 3300 3200 3900 3800 4400  3.F.1.3.2.9.8.D.
>0000140: 3400 3800 cc01 0000 8ddb efc4 79f8 5843  4.8.........y.XC
>0000150: b663 f03f 1329 8d48 1a00 5c00 5700 4900  .c.?.).H..\.W.I.
>0000160: 4e00 5c00 6400 6600 7300 5c00 6800 6f00  N.\.d.f.s.\.h.o.
>0000170: 6d00 6500 1a00 5c00 5700 4900 4e00 5c00  m.e...\.W.I.N.\.
>0000180: 6400 6600 7300 5c00 6800 6f00 6d00 6500  d.f.s.\.h.o.m.e.
>0000190: 0100 0000 0100 0000 4400 4800 6f00 6d00  ........D.H.o.m.
>00001a0: 6500 2000 6400 6900 7200 6500 6300 7400  e. .d.i.r.e.c.t.
>00001b0: 6f00 7200 6900 6500 7300 2000 6600 6f00  o.r.i.e.s. .f.o.
>00001c0: 7200 2000 7500 7300 6500 7200 2000 6100  r. .u.s.e.r. .a.
>00001d0: 6300 6300 6f00 7500 6e00 7400 7300 e028  c.c.o.u.n.t.s..(
>00001e0: 76f2 b502 c001 e028 76f2 b502 c001 50f1  v......(v.....P.
>00001f0: b801 d2ba c001 0300 0000 0a01 0000 0200  ................
>0000200: 0000 4200 0000 901e ed55 a513 c201 0100  ..B......U......
>0000210: 0000 0200 0000 2600 6300 6300 6600 6900  ......&.c.c.f.i.
>0000220: 6c00 6500 3000 3200 2e00 7700 6900 6e00  l.e.0.2...w.i.n.
>0000230: 2e00 6800 7500 7400 2e00 6600 6900 0800  ..h.u.t...f.i...
>0000240: 6800 6f00 6d00 6500 4200 0000 405d 3dbd  h.o.m.e.B...@]=.
>0000250: 184f c201 0200 0000 0200 0000 2600 6300  .O..........&.c.
>0000260: 6300 6600 6900 6c00 6500 3000 3100 2e00  c.f.i.l.e.0.1...
>0000270: 7700 6900 6e00 2e00 6800 7500 7400 2e00  w.i.n...h.u.t...
>0000280: 6600 6900 0800 6800 6f00 6d00 6500 0200  f.i...h.o.m.e...
>0000290: 0000 2c00 0000 70e8 7138 4b90 c001 0200  ..,...p.q8K.....
>00002a0: 0000 0200 0000 1000 4300 6300 6600 6900  ........C.c.f.i.
>00002b0: 6c00 6500 3000 3100 0800 6800 6f00 6d00  l.e.0.1...h.o.m.
>00002c0: 6500 4200 0000 0036 b208 8e78 c001 0100  e.B....6...x....
>00002d0: 0000 0200 0000 2600 6300 6300 6600 6900  ......&.c.c.f.i.
>00002e0: 6c00 6500 3000 3200 2e00 7700 6900 6e00  l.e.0.2...w.i.n.
>00002f0: 2e00 6800 7500 7400 2e00 6600 6900 0800  ..h.u.t...f.i...
>0000300: 6800 6f00 6d00 6500 0400 0000 0000 0000  h.o.m.e.........
>0000310: 0807 0000 5800 5c00 6400 6f00 6d00 6100  ....X.\.d.o.m.a.
>0000320: 6900 6e00 7200 6f00 6f00 7400 5c00 4300  i.n.r.o.o.t.\.C.
>0000330: 3500 4100 3700 4400 3500 3100 3400 4100  5.A.7.D.5.1.4.A.
>0000340: 3100 4600 3900 3600 4400 3400 4600 3800  1.F.9.6.D.4.F.8.
>0000350: 4100 4500 3200 3100 3900 3600 3100 3300  A.E.2.1.9.6.1.3.
>0000360: 3600 3000 3900 3100 3400 4500 3100 f601  6.0.9.1.4.E.1...
>0000370: 0000 c5a7 d514 a1f9 6d4f 8ae2 1961 3609  ........mO...a6.
>0000380: 14e1 2000 5c00 5700 4900 4e00 5c00 6400  .. .\.W.I.N.\.d.
>0000390: 6600 7300 5c00 7000 7200 6f00 6600 6900  f.s.\.p.r.o.f.i.
>00003a0: 6c00 6500 2000 5c00 5700 4900 4e00 5c00  l.e. .\.W.I.N.\.
>00003b0: 6400 6600 7300 5c00 7000 7200 6f00 6600  d.f.s.\.p.r.o.f.
>00003c0: 6900 6c00 6500 0100 0000 0100 0000 4a00  i.l.e.........J.
>00003d0: 5000 7200 6f00 6600 6900 6c00 6500 2000  P.r.o.f.i.l.e. .
>(.. continues)
>
>This does not look like ASN.1 atleast, does anyone have any idea how to go
>about this? Probably a proprietary format?
>
>Does the Samba team have any use for the information if someone were to
>reverse engineer this (if reverse engineering is indeed necessary)?
>
>
>Antti
>
>--
>
>Antti.Tikkanen at hut.fi
>Helsinki University of Technology
>Computing Centre
>

More information about the samba-technical mailing list