RPC and Active Directory

Gerald (Jerry) Carter jerry at samba.org
Tue Aug 16 22:41:42 GMT 2005

Jonny Larson wrote:
> Hello:
> I'm using the Samba libraries to glean user information 
> from Active Directory.  I'm somewhat confused about RPC, Kerberos,
> NTLM, RAP, etc., and how they all fit together.
> For instance, to get the user's password expiration I can use:
> rpcclient <server> -U <username%pwd>
> then the "enumdomusers" command followed by "queryuser <rid>"
> This authenticates using regular old NTLM.  Will this work 
> if dual compatibility mode is turned off on the ADS server?

You mean mixed mode vs. native mode?  Yes. It will still work.

> There doesn't seem to be the equivalent command to get 
> user information (password expiration) using the "net ads..."
> command.  My guess is that I have to figure out the correct
> LDAP query and do this myself.  If such is the case will this
> work if dual compatibility mode is turned off on the ADS
> server?

You might prefer to use 'net ads search' for the username.
That should dump all attributes.

> Perhaps someone could point me to a document that describes the
> relationships between ADS, Kerberos, NTLM, LDAP, etc.?

It's quite complicated.  I would recommend understanding the
parts one by one first.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca