RPC and Active Directory
Gerald (Jerry) Carter
jerry at samba.org
Tue Aug 16 22:41:42 GMT 2005
Jonny Larson wrote:
> Hello:
> I'm using the Samba libraries to glean user information
> from Active Directory. I'm somewhat confused about RPC, Kerberos,
> NTLM, RAP, etc., and how they all fit together.
>
> For instance, to get the user's password expiration I can use:
>
> rpcclient <server> -U <username%pwd>
>
> then the "enumdomusers" command followed by "queryuser <rid>"
>
> This authenticates using regular old NTLM. Will this work
> if dual compatibility mode is turned off on the ADS server?
You mean mixed mode vs. native mode? Yes. It will still work.
> There doesn't seem to be the equivalent command to get
> user information (password expiration) using the "net ads..."
> command. My guess is that I have to figure out the correct
> LDAP query and do this myself. If such is the case will this
> work if dual compatibility mode is turned off on the ADS
> server?
You might prefer to use 'net ads search' for the username.
That should dump all attributes.
> Perhaps someone could point me to a document that describes the
> relationships between ADS, Kerberos, NTLM, LDAP, etc.?
It's quite complicated. I would recommend understanding the
parts one by one first.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
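
Added example, not part of the original thread: once 'net ads search' has dumped a user's attributes, the password expiration asked about above can be derived from them. The attribute names (pwdLastSet, userAccountControl, the domain's maxPwdAge) are standard Active Directory attributes that the thread itself does not name; the sample output and its "attribute: value" layout are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in "attribute: value" form (assumed layout of the dump).
SAMPLE_OUTPUT = """\
Got 1 replies

cn: Test User
sAMAccountName: tuser
userAccountControl: 512
pwdLastSet: 127686240000000000
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_DONT_EXPIRE_PASSWD = 0x10000      # userAccountControl flag
NEVER = -0x8000000000000000          # maxPwdAge value meaning "no expiry"


def parse_attributes(text):
    """Collect 'name: value' lines into {name: [values]}; skip other lines."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and " " not in name:
            attrs.setdefault(name, []).append(value.strip())
    return attrs


def filetime_to_datetime(ft):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def password_expiry(attrs, max_pwd_age):
    """Return (status, when). max_pwd_age is the domain's maxPwdAge,
    a negative tick count, supplied by the caller."""
    uac = int(attrs.get("userAccountControl", ["0"])[0])
    last_set = int(attrs.get("pwdLastSet", ["0"])[0])
    if uac & UF_DONT_EXPIRE_PASSWD or max_pwd_age in (0, NEVER):
        return ("never", None)
    if last_set == 0:                # flagged "must change at next logon"
        return ("must-change", None)
    # Subtracting the negative age adds the allowed lifetime.
    return ("expires", filetime_to_datetime(last_set - max_pwd_age))


if __name__ == "__main__":
    forty_two_days = -42 * 86400 * 10**7   # assumed domain policy
    print(password_expiry(parse_attributes(SAMPLE_OUTPUT), forty_two_days))
```
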