RPC and Active Directory
Jonny.Larson at nokia.com
Fri Aug 5 18:11:20 GMT 2005
I'm using the Samba libraries to glean user information from Active
Directory. I'm somewhat confused about RPC, Kerberos, NTLM, RAP, etc.,
and how they all fit together.
For instance, to get the user's password expiration I can use:
rpcclient <server> -U <username%pwd>
then the "enumdomusers" command followed by "queryuser <rid>"
This authentications using regular old NTLM. Will this work if dual
compatibility mode is turned off on the ADS server?
There doesn't seem to be the equivalent command to get user information
(password expiration) using the "net ads..." command. My guess is that
I have to figure out the correct LDAP query and do this myself. If such
is the case will this work if dual compatibility mode is turned off on
the ADS server?
Perhaps someone could point me to a document that describes the
relationships between ADS, Kerberos, NTLM, LDAP, etc.?
Any and all information would be greatly appreciated.
More information about the samba-technical