RPC and Active Directory
Gerald (Jerry) Carter
jerry at samba.org
Tue Aug 16 22:41:42 GMT 2005
Jonny Larson wrote:
> I'm using the Samba libraries to glean user information
> from Active Directory. I'm somewhat confused about RPC, Kerberos,
> NTLM, RAP, etc., and how they all fit together.
> For instance, to get the user's password expiration I can use:
> rpcclient <server> -U <username%pwd>
> then the "enumdomusers" command followed by "queryuser <rid>"
> This authenticates using regular old NTLM. Will this work
> if dual compatibility mode is turned off on the ADS server?
You mean mixed mode vs. native mode? Yes. It will still work.
> There doesn't seem to be the equivalent command to get
> user information (password expiration) using the "net ads..."
> command. My guess is that I have to figure out the correct
> LDAP query and do this myself. If such is the case will this
> work if dual compatibility mode is turned off on the ADS
You might prefer to use 'net ads search' for the username.
That should dump all attributes.
> Perhaps someone could point me to a document that describes the
> relationships between ADS, Kerberos, NTLM, LDAP, etc.?
It's quite complicated. I would recommend understanding the
parts one by one first.
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
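
Added example, not part of the original thread or of Samba's code: one way to turn the attributes dumped by 'net ads search' into a password expiration time. It assumes the output is read as "attribute: value" lines and uses the standard AD attributes pwdLastSet, userAccountControl and the domain object's maxPwdAge, none of which are named in the messages above; all sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in "attribute: value" form; a real dump from
# `net ads search '(sAMAccountName=jdoe)'` carries many more attributes.
SAMPLE_USER = """\
sAMAccountName: jdoe
userAccountControl: 512
pwdLastSet: 127685376000000000
"""
# maxPwdAge is stored on the domain object, not the user, as a negative
# count of 100 ns ticks. Constructed value: 42 days.
SAMPLE_MAX_PWD_AGE = -36288000000000

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl flag
NEVER = -(2 ** 63)                # maxPwdAge value meaning "no expiry"


def parse_attrs(text):
    """Parse 'name: value' lines; the first value of an attribute wins."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            attrs.setdefault(name.strip(), value.strip())
    return attrs


def password_expiry(attrs, max_pwd_age):
    """Return the expiry as an aware datetime, or None if it never expires."""
    uac = int(attrs.get("userAccountControl", 0))
    if uac & UF_DONT_EXPIRE_PASSWD or max_pwd_age in (0, NEVER):
        return None
    last_set = int(attrs.get("pwdLastSet", 0))
    if last_set == 0:
        # 0 means "must change at next logon": report it as already expired.
        return FILETIME_EPOCH
    ticks = last_set - max_pwd_age          # subtracting a negative interval
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


if __name__ == "__main__":
    print(password_expiry(parse_attrs(SAMPLE_USER), SAMPLE_MAX_PWD_AGE))
```

This sketch ignores fine-grained password policies, which can override the domain-wide maxPwdAge for individual users or groups.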