h what windows produces. I've
tried quite a few combinations (like including the 4 byte header, or
doing the packet before the session key). No luck. Any clues?
Cheers, Tridge
PS: I also submitted this to the file services forum, but am
resubmitting to dochelp as a CAR, and also CCing the
we have the SNIA event, where we will have a free
CIFS plugfest. See http://www.snia.org/events/storage-developer2008/
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
Hi All,
I've put together a video tutorial on how to use the 'gentest'
protocol differencing tool from Samba4. It should be useful for anyone
implementing the SMB or SMB2 protocols.
See http://samba.org/~tridge/samba_testing/
It is quite long (more than an hour), so settle in wit
C 70 3D 75 A2 96 3D ...T55.. ..p=u..=
It is common for crypto algorithms to include examples like this.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
levels?
The scan also shows that Vista responds to 4 setfsinfo levels:
2, 6, 8, 10
but the doc only lists 6 and 8. Can you please document the extra 2
levels?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org
, 28, 29,
32, 33, 34, 35, 41, 43, 44, 45, 46, 47, 48, 49
Can you please document the missing levels?
The scan also shows that Vista responds to 9 getfsinfo levels:
1, 3, 4, 5, 6, 7, 8, 9, 10
but the doc only lists 6 levels. Can you please document the extra 3
levels?
Cheers, Tridge
else on this list is interested, the working code is
here:
http://samba.org/ftp/unpacked/samba_4_0_test/source/libcli/smb2/signing.c
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs
Hi Metze,
> > In case anyone else on this list is interested, the working code is
> > here:
> >
> > http://samba.org/ftp/unpacked/samba_4_0_test/source/libcli/smb2/signing.c
>
> You forgot a git push?
yep, sorry, it
w be considered normative
and moved into 3.3.3.15 ?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
d it or I'd suggest dropping the bit from the mask as I
> state next...
>
> If not, I would suggest to run your test with the following mask: 0C F0 FE
> 00
The test sends a separate SMB2 CREATE request for each bit, so it
sends 32 separate CREATE calls. Have a look at t
SMB2 protocols. We have noticed (for example) that
the w2008 SMB2 server returns STATUS_NOT_SUPPORTED for bit 0x0010
in the create options, whereas the same server using the SMB protocol
returns STATUS_OK, and the SMB2 documentation says it should return
STATUS_INVALID_PARAMETER.
Cheers, Tridge
* Function 0x4d */
> NTSTATUS lsa_LookupNames4(
note that some of these are in MS-LSAT instead of MS-LSAD.
I haven't checked that they are all there, but some of the key ones
are.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
ht
g :-)
It certainly is done quite badly with many of the tables, but I don't
think there was any intention to make it bad, it is just that as
implementors we run across this poor layout more than the
documentation writers.
Cheers, Tridge
___
cifs-pro
of these
concepts directly in LDAP. So the LDAP schema provides a very natural
way to connect these current disconnected protocols elements within a
common framework.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
es.
If called with the --wspp option then the script will follow the
current WSPP [MS-ADTS].pdf documentation, otherwise it will implement
what we think is the correct algorithm.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
OSSSUPERIORS(C) for all C in SUPCLASSES(O)
Let POSSSUPERIORS(O) be the union of
all C such that C!subClassOf is in _POSSSUPERIORS(O)
I'm sure you could find a neater way to handle this.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-prot
h the same
account name.
What we can't work out is how to find the list of unique
attributes. We can't find anything in the schema that tells us an
attribute is unique. What part in the schema gives us that? Or is it
somewhere outside the schema?
Hi Edgar,
Thanks for the detailed reply. It surprises me a bit that this sort of
constraint is not defined at a lower level - I missed the SAMR
constraints on Add as I was expecting something at the schema level.
Please close this CAR.
Cheers, Tridge
e it clear that the
output is then available to licensees under the WSPP license
terms. We'd be happy to write that tool for you if you like.
Please don't just stick it all in a PDF format in a WSPP update -
extracting large lumps of ldif back out of PDFs is pretty
Hi Hongwei,
>Thanks for your request. We will work on it and let you know as
>soon as we complete the investigation.
Any progress on this? Would you like us to give you a tool that
produces the appropriate output in LDIF format?
Cheers,
-schema/MS-AD_Schema_2K8_Classes.txt
I'm pretty sure you intend us to just use the same license, but I
thought I should check.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
ed by W2K8).
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
the search filter
was for the default NC, and it is the forest name, so I expected all 3
bits to be set.
See http://samba.org/tridge/sniffs/w2k8b-join-w2k8-dc.cap frame
14. The two machines are both w2k8-r2. The DC is 10.0.0.4.
Cheers, Tridge
___
cifs-p
Perhaps
we should use section names?
Cheers, Tridge
PS: In case anyone is curious, the program I use to decode WSPP
bitfields is available here:
http://samba.org/ftp/unpacked/junkcode/wspp_bits.c
it is very rough, but it's somewhat better than being poked in the eye
by a horrendo
perhaps I missed it?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
DsBind handle if a previous cycle is not
complete. Is that what the Microsoft replication client expects?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
not a nul byte).
Or perhaps deleted objects are special in their constraints in some
way?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
re does, although it has less options for things like fancy
authentication.
If you have a look at http://dbench.samba.org/web/smb-loadfiles.html
you can see some examples of how to use it.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-pro
ers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
much for all of the help you gave us to make this
possible!
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
to do with Windows
> Media Player.
you probably just need to install the codec. The x264 (a free varient
of H.264) codec for windows is here:
http://sourceforge.net/projects/x264vfw/files/
I also suspect it will work with a licensed H.264 codec, but I haven't
tested tha
this is not a high priority, but it would be nice to
know the format at some stage.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
s are installed, even if the directory was created by
Samba. It would be good to get this confirmed.
Similarly, we suspect some of the foreign security principles might
need to be pre-created when we create the directory.
Cheers, Tridge
___
cifs-protocol
but I still can't work out why it crashes.
I wonder if you might be able to look at a TTT trace of repadmin.exe?
I've uploaded it here:
http://samba.org/tridge/ttt/repadminttt.zip
The trace was taken on "repadmin /showrepl blu" where "blu" is the
name of a Samba4 DC
n't explicitly list it as an attribute it wanted.
I've fixed it up now, and repadmin.exe is no longer crashing.
Thanks!
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
correctly, both so we
can display the contents and so we can create it in our own user
management tools. Those tools don't exist yet, which is why this
request is a lower priority than other requests :-)
Cheers, Tridge
___
cifs-protocol mailing lis
cs zone when a DC joins a domain (and
subsequent updates)
Thanks!
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
documented in the MS-GSSA doc?
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
y. I think that I am but
> I want to make sure we are on the same page.
yes, assuming that we have correctly diagnosed the problem, then that
is what we'd like. If there are any other conditions for MS clients
doing TSIG-GSS requests then
sure we get this
right, or at least understand how we're getting it wrong :-)
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
DAP record points at a different
server.
Is this SOA behaviour and AUTHORITY behaviour documented in WSPP
anywhere? We couldn't find it.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
We've noticed that Windows DNS servers return the SOA record for a
zone twice in a AXFR zone transfer, once at the start of the transfer,
and once at the end.
Can you tell us if that matters? Is it deliberate?
Cheers, Tridge
___
cifs-protocol ma
tanding of
SERVER_SEARCH_FLAG_PHANTOM_ROOT was that the search should cross into
all NCs on the server.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
out the DNS RPC protocol that MS-DNSP
concentrates on. In our case Samba is a DC that is replicating the DNS
NCs with Microsoft DCs. We need to know how to fill in these fields
when we create records that will be replicated to MS DNS servers via
DRS.
Cheers, Tridge
_
> and once at the end.
>
> Can you tell us if that matters? Is it deliberate?
>
> Cheers, Tridge
> ___
> cifs-protocol mailing list
> cifs-protocol@cifs.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
g the DNS NCs
> with Microsoft DCs. We need to know how to fill in these fields when we
> create records that will be replicated to MS DNS servers via DRS.
>
> Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
dwFlags : 0x0805 (2053)
dwFlags : 0x8005 (32773)
dwFlags : 0x8205 (33285)
dwFlags : 0xf005 (61445)
Can you let me know what the bits mean?
Cheers, Tridge
___
cif
his stuff
(or the other DNS questions) - after the break is fine.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
RANK_NS_GLUE
> : 0xf0 RANK_ZONE
the description of the rank values is in [MS-DNSP], but there is
nothing there that I can see on how the rank affects processing. Does
the DNS server change how it handles a record based on the rank?
, it does seem to match the optional
behaviour in RFC1034 section 4.3.4.
I'll ask the bind developers about why bind doesn't implement that
feature.
Thanks!
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://list
he fields
There are probably other missing pieces, and I don't think they would
really fit well in the MS-DNSP document.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
r we have been discussing.
There seems to be quite a bit of DNS behaviour in Windows that is not
in the DNS RFCs, especially with regard to the mapping between the
ldap storage of DNS data and the DNS server implementation.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
t for us to do. As we do that development I'm sure there
will be more DNS issues coming up.
As yet we haven't attempted to implement the MS-DNSP RPC protocol,
we're just trying to do the DNS server piece, and have it replicate
correctly with MS DNS servers via DRS. We will l
DAP
server. Unfortunately I can't find any place where we are
inappropriately returning an IPv4 address during the join.
I've put a TTT trace of lsass.exe, along with a network capture and
windows debug logs here:
http://www.samba.org/tridge/ttt/IPv6/
In the trace, the samba server has
gt; trace.
I've redone the trace with the lanmanworkstation process (pid 1004),
and have uploaded the trace to:
http://www.samba.org/tridge/ttt/IPv6/ipv6-2.zip
the zip file also contains the network capture, and the logs from
c:\windows\debug
>If I don't have a chan
l records returned from
a SRV lookup of
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.bludom.tridgell.net
include a A record of 127.0.0.1, which shouldn't be there, as well as
the correct IPv6 address. I'll see if I can fix that and retry.
Wou
ddresses, but it hasn't fixed the join problem.
I've taken a new trace, and put it here:
http://www.samba.org/tridge/ttt/ipv6-3.zip
The DNS replies in the network capture all look OK to me. We don't run
a LLMNR server on Samba, so we don't reply to the LLMNR queries
starting
Thanks Hongwei, have a nice break!
Edgar, let me know if you need any more traces.
Cheers, Tridge
>
>Please go to this instruction point in the previous trace directly ( !tt
> 3BB94041 ). It will directly take you to the beginning of the function
> of querying
Hi Edgar,
I've put the new traces up here:
http://www.samba.org/tridge/ttt/ipv6-4.zip
> Please enable the following GUIDs for ETW tracing.
>
> logman create trace minio_dns -ow -o c:\minio_dns.etl -p
> "Microsoft-Windows-DNS-Client" 0x 0xff -
using ethtool to disable all ofloading on my
adpater.
Cheers, Tridge
___
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
et'. The trace fails with
DS_ROLE_NOT_VERIFIED. As I hope you can see in the trace, we have done
the replication of the configuration and schema partitions before we
do the DsAddEntry.
The trace is available here:
http://www.samba.org/tridge/ttt/join-s4.zip
it also includes a netw
61 matches
Mail list logo
