Good morning Andrew - just checking in to see if we have covered everything!
-Original Message-
From: Hongwei Sun
Sent: Wednesday, September 02, 2009 5:10 PM
To: 'Andrew Bartlett'; Bill Wesse
Cc: p...@tridgell.net; cifs-proto...@samba.org; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in
MS-NRPC (SRX090727600015)
Andrew,
We confirmed that Windows server 2008 and later systems addressed the
problem by implementing validation of the DNSHostName and SPN in
NetrLogonGetDomainInfo to enforce the same constraints as specified in section
3.1.1.5.3.1.1.2(dNSHostName) and 3.1.1.5.3.1.1.4(servicePrincipalName) in
MS-ADTS. Therefore you should follow these rules to match the Windows
behaviors.
Please let us know if you have further questions.
Thanks!
Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft
hongw...@microsoft.com
Tel: 469-7757027 x 57027
-
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-Original Message-
From: Bill Wesse
Sent: Friday, August 28, 2009 10:53 AM
To: 'Andrew Bartlett'
Cc: 'cifs-proto...@samba.org'; 'p...@tridgell.net'; 'Matthias Dieter
Wallnöfer'; Hongwei Sun
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in
MS-NRPC (SRX090727600015)
I will be out of the office on vacation, returning Monday, September 7. My
colleague, Hongwei Sun will be your contact during my absence.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-Original Message-
From: Bill Wesse
Sent: Friday, August 28, 2009 7:27 AM
To: 'Andrew Bartlett'
Cc: cifs-proto...@samba.org; p...@tridgell.net; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in
MS-NRPC (SRX090727600015)
Thanks for the information Andrew; I have proposed we add additional
NetrLogonGetDomainInfo coverage to our test suites.
Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: +1(980) 776-8200
CELL: +1(704) 661-5438
FAX: +1(704) 665-9606
-Original Message-
From: Andrew Bartlett [mailto:abart...@samba.org]
Sent: Thursday, August 27, 2009 5:44 PM
To: Bill Wesse
Cc: cifs-proto...@samba.org; p...@tridgell.net; Matthias Dieter Wallnöfer
Subject: RE: [cifs-protocol] Please clarify LSA and OsVersion behaviour in
MS-NRPC (SRX090727600015)
On Wed, 2009-08-26 at 09:52 -0700, Bill Wesse wrote:
Hello again Andrew - I have a 'short' answer for you.
Windows 2008 does the following additional checks:
1. NETLOGON_WORKSTATION_INFO.DnsHostName and ComputerName match
appropriately (re: trailing '$' on ComputerName) 2.
NETLOGON_WORKSTATION_INFO.DnsHostName suffix is checked against
msDS-AllowedDNSSuffixes.
I can't at the moment be more complete, without exercising
NetrLogonGetDomainInfo against 2000, 2003 and so on. I hesitate to attempt a
description against code hand-checks, as it is just too easy to miss
something.
Do you have any test software already configured to do that?
You could hack the GetDomainInfo test in smbtorture's RPC-NETLOGON. We don't
have anything that lets you set it arbitrarily from the command line (yet, I
could write it).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
