[SAMBA4] DCERPC association_groups

Stefan (metze) Metzmacher metze at samba.org
Sat Dec 9 15:22:57 GMT 2006


Hi,

It seems that we need to implement support
for association groups in our DCERPC client and server.

See the DCERPC docs:
http://www.opengroup.org/onlinepubs/9629399/chap9.htm#tagcjh_14_03_02

w2k3 makes use of it when becoming a DC of a domain.
http://samba.org/~metze/ads/w2k3-106-becomes-w2k3-dc-without-joins-01-8.cap
Here the DsGetNCChanges() request uses a bind_handle from a DsBind()
from another TCP connection...

I was not able to reproduce this with the libnet/libnet_become_dc.c
code. I'm always getting a DCERPC fault invalid context handle.

I've done some experiments and tried to pass the assoc_group_id from the
first connection to the DCERPC Bind Req of the 2nd connection,
and also tried to use the Multiplex flags in the DCERPC header packet flags.

But there seems to be some more to be done...
Maybe the call IDs need to be shared between the connections (w2k3 does
this).
And maybe the same authentication session key is also needed (the same
krb5 service ticket, w2k3 also does this). (This is also the topic of one
of my last mails, where we don't handle the krb5 ccache correctly and
don't reuse the service ticket.)

metze
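
Added example (not part of the original mail and not Samba code): when reading a capture like the one linked above, the fields discussed in the mail can be pulled out of the fixed part of each bind/bind_ack PDU to check whether a second connection asks for the association group the first one was given. The offsets follow the connection-oriented PDU layout in the DCE RPC spec linked in the mail; `parse_bind`, `joins_group`, `struct bind_info` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PTYPE_BIND     11
#define PTYPE_BIND_ACK 12
#define PFC_CONC_MPX   0x10 /* "multiplex" bit in pfc_flags */

struct bind_info { uint8_t ptype, pfc_flags; uint32_t call_id, assoc_group_id; };

/* Read an n-byte integer in the byte order announced by the PDU's drep field. */
static uint32_t rd(const uint8_t *p, int n, int le) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << 8 * (le ? i : n - 1 - i);
    return v;
}

/* Parse the fixed part of a bind/bind_ack PDU; returns 0 on success, -1 otherwise. */
int parse_bind(const uint8_t *pdu, size_t len, struct bind_info *out) {
    if (len < 24 || pdu[0] != 5) return -1;      /* 16-byte header + 8, rpc_vers 5 */
    if (pdu[2] != PTYPE_BIND && pdu[2] != PTYPE_BIND_ACK) return -1;
    int le = (pdu[4] >> 4) == 1;                 /* drep[0] high nibble: 1 = little-endian */
    uint32_t frag_length = rd(pdu + 8, 2, le);
    if (frag_length < 24 || frag_length > len) return -1; /* truncated or bogus length */
    out->ptype = pdu[2];
    out->pfc_flags = pdu[3];
    out->call_id = rd(pdu + 12, 4, le);
    out->assoc_group_id = rd(pdu + 20, 4, le);   /* follows max_xmit_frag, max_recv_frag */
    return 0;
}

/* 1 if a bind on a second connection asks for the group a bind_ack handed out. */
int joins_group(const struct bind_info *ack, const struct bind_info *bind) {
    return ack->ptype == PTYPE_BIND_ACK && bind->ptype == PTYPE_BIND &&
           ack->assoc_group_id != 0 && bind->assoc_group_id == ack->assoc_group_id;
}

/* Constructed sample PDUs (not taken from the capture), trimmed to the fixed fields. */
static const uint8_t ACK1[24]  = {5,0,12,0x03, 0x10,0,0,0, 24,0, 0,0, 1,0,0,0,
                                  0xb8,0x10, 0xb8,0x10, 0xd2,0x4e,0,0};
static const uint8_t BIND2[24] = {5,0,11,0x13, 0x10,0,0,0, 24,0, 0,0, 2,0,0,0,
                                  0xb8,0x10, 0xb8,0x10, 0xd2,0x4e,0,0};

int main(void) {
    struct bind_info a, b;
    if (parse_bind(ACK1, sizeof ACK1, &a) || parse_bind(BIND2, sizeof BIND2, &b)) return 1;
    printf("group 0x%x reused=%d mpx=%d\n", (unsigned)b.assoc_group_id,
           joins_group(&a, &b), !!(b.pfc_flags & PFC_CONC_MPX));
    return 0;
}
```

An assoc_group_id of 0 in a bind asks the server for a new group, so `joins_group` treats it as not joining an existing one.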

