[cifs-protocol] LsarOpenPolicy3 and LsarQueryInformationPolicy2 - TrackingID#2407120040007167

Hi Andreas: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. We received two emails for this issue so your 2nd and 3rd tries were successful. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Ori

Re: [cifs-protocol] What is ADWS? - TrackingID#2406240040003279

Hi Douglas: I'll help you with this question and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft From: Sreekanth Nadendla Sent: Monday, June 24, 2024 7:43 AM To: Douglas Bagnall Cc: cifs-protocol@lists.samba.org; Microsoft Support Subject:

Re: [cifs-protocol] [EXTERNAL] Re: conditional deny aces not working over SMB - TrackingID#2405070040013300

Hi Douglas: My research shows that access denied conditional ACE is only valid when AppLocker check the access. In case of file system, the access denied conditional ACE is not evaluated. I would like to add that by using the conditional access allowed ACE, access denied can be simulated by cra

Re: [cifs-protocol] [EXTERNAL] Re: conditional deny aces not working over SMB - TrackingID#2405070040013300

Hi Douglas: I'll look into this and will be in touch as soon as I have something to share. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Douglas Bagnall Sent: Monday, May 6, 2024 5:54 PM To: Obaid Farooqi ; cifs-protocol@lists.samba.org Cc: Microsoft Su

Re: [cifs-protocol] [EXTERNAL] Looking for missing documentation (MS-KILE?) for CVE-2024-21427 - TrackingID#2404090040000707

Hi Andrew: For the questions posed below by you, we have finished our investigation. CVE-2024-21427: There is no on the wire changes; 21427 made sure we enforced auth silo checks on AS-REQs when they weren't to KRBTGT. We already enforced them on TGS. CVE-2024-20674: There is no on the wire cha

Re: [cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi Anreas: Can you please run this test against the client machine and let me know if it works or fails? Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Andreas Schneider Sent: Monday, January 22, 2024 4:36 AM To: cifs-protocol@lists.samba.org; Obaid Faro

Re: [cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi Andreas: You can use you version of tttracer if it is not too old. Otherwise, download it from the following link. I have uploaded a zip file named PartnerTTDRecorder_x86_x64.zip to the following folder. https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c

Re: [cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi Andreas: I'll need some traces from you. Let me see what processes runs these methods and then I'll send you bits and instructions to collect traces. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Andreas Schneider Sent: Friday, January 19, 2024 5:42

Re: [cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi David: The error INVALID_COMPUTERNAME is returned when no domain name can be found based on the provided computer name. This suggest to me that your server is not a member of a domain. Is that the case? Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: D

Re: [cifs-protocol] [MS-ADTS] msDS-ManagedPassword and creationTime - TrackingID#2401100040000760

Hi Joseph: Thanks for bringing this to our attention. The creationTime is actually the attribute whenCreated, specified in section 2.371 in MS-ADA3. https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/ada870e9-f8d3-4e3b-bc80-b3a888f05204 I have filed a bug to fix this issue in

Re: [cifs-protocol] Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi David: Please let me know (see below). Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, January 11, 2024 1:42 PM To: David Mulder Cc: cifs-protocol@lists.samba.org; Andreas Schneider ; Microsoft Support Subject: RE: Meanin

Re: [cifs-protocol] [EXTERNAL] [MS-GKDI] GetKey — Group Keys and Seed Keys - TrackingID#2311210040001551

Hi Joseph: The term group key is a generic name. Protocols return two types of group keys; public key or seed key that can be used to derive the private or symmetric keys as stated in the document is section "1.3 Overview", as follows: " Based on an evaluation of the client's security context an

Re: [cifs-protocol] Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Hi David: The definition of 'DsRole_RoleStandaloneWorkstation' and 'DsRole_RoleStandaloneServer' (and others) is in MS-DSSP section 2.2.2. Please review that and let me know if that information resolves your question. If it does not, please rephrase your question in the light of the information

[cifs-protocol] [MS-OAPXBC] Exchange PRT for Access Token, HS256 or RS256? - TrackingID#2312150040011919

Hi David: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: David Mulder Sent: Friday, December 15, 2023 2:52 PM To:

Re: [cifs-protocol] [EXTERNAL] [MS-ADTS] GetgMSAPasswordBlob — Calculation of rollover interval - TrackingID#2311230040000495

Hi Joseph: Thanks for bringing this to our attention. You are right. The correct formula would be (TO!msDS-ManagedPasswordInterval × 24 ∕ 10) × KeyCycleDuration I have filed a bug to address issue in the document. Please let me know if this does not answer your question. Regards, Obaid Farooqi

Re: [cifs-protocol] [EXTERNAL] Re: DirSync ACLs and Deleted Objects - TrackingID#2310230040015878

-11-09 at 05:10 +, Obaid Farooqi via cifs-protocol wrote: Hi Andrew: Can you please let me know if the information I provided resolves your issue? Regards, Obaid Farooqi Escalation Engineer | Microsoft From: Obaid Farooqi Sent: Tuesday, October 31, 2023 2:18 PM To: Andrew Bartlett mailto:abart

Re: [cifs-protocol] [EXTERNAL] Re: conditional deny aces not working over SMB - TrackingID#2310190040000571

Hi Douglas: I assume the following link is working. If you have any other questions, please let me know. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Wednesday, October 25, 2023 5:03 PM To: Douglas Bagnall ; cifs-protocol@lists.sa

Re: [cifs-protocol] [EXTERNAL] Re: DirSync ACLs and Deleted Objects - TrackingID#2310230040015878

Hi Andrew: Can you please let me know if the information I provided resolves your issue? Regards, Obaid Farooqi Escalation Engineer | Microsoft From: Obaid Farooqi Sent: Tuesday, October 31, 2023 2:18 PM To: Andrew Bartlett Cc: cifs-protocol mailing list ; Microsoft Support Subject: RE: [EXTER

Re: [cifs-protocol] [EXTERNAL] Re: DirSync ACLs and Deleted Objects - TrackingID#2310230040015878

Hi Andrew: Here is the logic for returning deleted and/or recycled state: 1. dirSyn per-object security mode 2. parent does not allow visibility 3. Object is deleted or recycled 4. Deleted or recycled attribute has changed since last sync If LDAP_DIRSYNC_OBJECT_SECURITY is specified

Re: [cifs-protocol] DirSync ACLs and Deleted Objects - TrackingID#2310230040015878

Hi Andrew: I'll help you with this issue. I need a little clarification. I did not understand what you have in the following sentence between dashes: "They are stripped of most information, but a filter attack (eg search for CN=a*) can be used to discover the values - an object is returned nor no

Re: [cifs-protocol] [EXTERNAL] Re: conditional deny aces not working over SMB - TrackingID#2310190040000571

Hi Douglas: See if this works for you: https://learn.microsoft.com/en-us/windows-server/identity/solution-guides/deploy-a-central-access-policy--demonstration-steps- -Original Message- From: Douglas Bagnall Sent: Wednesday, October 25, 2023 3:34 PM To: Obaid Farooqi ; cifs-protocol@list

Re: [cifs-protocol] conditional deny aces not working over SMB - TrackingID#2310190040000571

Hi Douglas: My conversation with product group revealed that the claims based authorization was developed to protect files, SMB or otherwise. How did you set up you test environment? Here is some instructions on setting up a test environment: https://learn.microsoft.com/en-us/windows-server/ident

[cifs-protocol] DirSync ACLs and Deleted Objects - TrackingID#2310230040015878

Hi Andrew: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Andrew Bartlett Sent: Monday, October 23, 2023 4:15 PM T

Re: [cifs-protocol] [EXTERNAL] conditional deny aces not working over SMB - TrackingID#2310190040000571

Hi Douglas: I'll look into this and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Jeff McCashland (He/him) Sent: Wednesday, October 18, 2023 8:45 PM To: Douglas Bagnall ; cifs-protocol@lists.samba.org Cc: Mi

Re: [cifs-protocol] [MS-DTYP] no SDDL for ACCESS_DENIED_CALLBACK_OBJECT_ACE? - TrackingID#2308250010010895

Hi Douglas: Your research is spot on. There is no definition of "Access Denied Object Callback" in code. If this doesn't answer your question, please let me know. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Tuesday, August 29, 20

Re: [cifs-protocol] [MS-DTYP] no SDDL for ACCESS_DENIED_CALLBACK_OBJECT_ACE? - TrackingID#2308250010010895

Hi Douglas: I'll help you with this issue and will be in touch as soon as I have an answer. -Original Message- From: Tom Jebo Sent: Friday, August 25, 2023 12:29 PM To: Douglas Bagnall ; cifs-protocol@lists.samba.org Cc: Microsoft Support Subject: RE: [EXTERNAL] [MS-DTYP] no SDDL for

Re: [cifs-protocol] [EXTERNAL] Kerberos e-data NTSTATUS encoding - TrackingID#2305240040010867

Hi Andrew: The information in the reserved and flags field in not really interesting for anyone who does not have access to Windows source code. The reserved filed has file number and line number in it where the error is generated. The flags field can have only two values. 0x1 0x2 0x1 is already

Re: [cifs-protocol] [EXTERNAL] Re: [MS-DTYP] Conditional ACE Unicode literal SDDL format - TrackingID#2302240040001164

Hi Douglas: In addition to what I said below, I confirmed with product group that the % with 4 hex digits is only applicable for attribute name. This is correctly documented in MS-DTYP as follows: attr-name = attr-name1 / attr-name2 attr-name2 = ("@user." / "@device." / "@resou

Re: [cifs-protocol] [EXTERNAL] Earlier AD schema updates - now published on MicrosoftDocs - TrackingID#2305110040008070

Hi Andrew: Thanks for the update. I'll close this case. Regards, Obaid Farooqi Escalation Engineer | Microsoft From: Jeff McCashland (He/him) Sent: Thursday, May 11, 2023 11:44 AM To: Andrew Bartlett ; Interoperability Documentation Help Cc: cifs-protocol mailing list Subject: Re: [EXTERNAL]

Re: [cifs-protocol] [EXTERNAL] Re: [MS-DTYP] Conditional ACE Unicode literal SDDL format - TrackingID#2302240040001164

Hi Douglas: I researched the code for classSchema object and the default security descriptor in SDDL is only converted to binary SD when an object of that class is instantiated. And guess what, the same API is used to convert default SD that I have already communicated to you. I can say with gr

[cifs-protocol] [MS-DTYP] Conditional ACE SDDL: NOT syntax clarification - TrackingID#2303150040000163

Hi Douglas: I tested and no, "(" is not required after "!" I gave the following SDDL to apply to a file and I worked as intended: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;; AU)(XA;;FX;;;S-1-1-0;(!@User.Title == "PM"))(A;OICI;GA;;;BA) I'll file a bug against MS-D

Re: [cifs-protocol] [EXTERNAL] Is MS-XCA LZ-77 plain compression the same as MS-DRSR DRS_COMP_ALG_WIN2K3 compression? - TrackingID#2211280040006230

Hi Douglas: The MS-DRSR uses a different API than what MS-XCA uses. Please let me know if this does not answer your question. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Tom Jebo Sent: Monday, November 28, 2022 11:02 AM To: Douglas Bagnall ; cifs-p

Re: [cifs-protocol] [EXTERNAL] Re: [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - TrackingID#2210140040006056

Hi Douglas: After spending a lot of time researching this, I have not seen any instance in code where the following behavior is implemented: " Alternately, an implementation can explicitly examine the input buffer using the Huffman table from the previous block. " For the following excerpt: " Du

[cifs-protocol] SMB2_CREATE error code IO_REPARSE_TAG_NOT_HANDLED? - TrackingID#2211180040005873

Hi Volker: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Volker Lendecke Sent: Friday, November 18, 2022 7:21 AM

Re: [cifs-protocol] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - TrackingID#2210140040005955

Hi Douglas: Here is the answer to your following question: Q. 3. The decompression algorithm in "2.2.4 Processing" contains this clause: Else If HuffmanSymbol == 256 and the entire input buffer has been read and the expected decompressed size has been written to the

Re: [cifs-protocol] [EXTERNAL] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - TrackingID#2210140040005919

Hi Douglas: Here is the answer to your following question: Q. 2. In "2.1.4.3 Final Encoding Phase", 256 is just an "example" of and end-of-data marker that "certain implementations" require: > Implementations of the decompression algorithm may expect an extra > symbol to mark the end of the data

[cifs-protocol] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - - TrackingID#2210140040005892

Hi Douglas: Here is the answer to your following question: Q. 1. is the 256 symbol ever used as a match? I see nothing in MS-XCA to suggest that it is not, but I have seen implementations that assume it won't be (i.e. the only 256 will be the EOF). A: The symbol 256 is treated as EOF at the fo

Re: [cifs-protocol] [EXTERNAL] Re: [MS-XCA] LZ77 + Huffman: is sometimes slightly more than 64k encoded in as block? - TrackingID#2211010040007989

Hi Douglas: The 64k block size for XPRESS_HUFF only applies when the length of maximum match is less than 64k. If a match is greater than 64k long, XPRESS_HUFF, during LZ phase, keeps going till either the match ends or the input ends. Since the maximum input size is unsigned long (0x),

Re: [cifs-protocol] [MS-XCA] LZ77 + Huffman: is sometimes slightly more than 64k encoded in as block? - TrackingID#2211010040007989

[Kristian to Bcc] Hi Douglas: I will help you with this issue and will be in touch as soon as possible. Is it possible to send me the file you're compressing? If it is, please upload the file to the following link: https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1Ni

Re: [cifs-protocol] [EXTERNAL] Re: [MS-XCA] is LZ77 + Huffman the same as the Win32 compression API? - TrackingID#2210190040006868

Hi Douglas: While I am not at the stage where I can confirm " With regard to the UncompressedChunkSize parameter, is that only of importance to the LZNT1 algorithm (MS-XCA 2.5.1)?", what I can confirm that UncompressedChunkSize is irrelevant for XPRESS and XPRESS_HUFF. I am working on your oth

Re: [cifs-protocol] [EXTERNAL] Re: [MS-XCA] is LZ77 + Huffman the same as the Win32 compression API? - TrackingID#2210190040006868

Hi Douglas: Yes, AD uses the same API for compressing the claims. I am not the right person to ask API related questions. I and my team support open specifications. You are welcome to try forums that discuss Windows APIs such as stack overflow. Please let me know if this does not answer your que

Re: [cifs-protocol] [MS-XCA] is LZ77 + Huffman the same as the Win32 compression API? - TrackingID#2210190040006868

Hi Douglas: The API in question is one implementation of MS-XCA. The decision to compress or not compress as well as adding a header is the decision of the designer of the API. SMB compression has its own decision logic about whether to compress or not to compress given data. Is your research

Re: [cifs-protocol] [EXTERNAL] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length [ - TrackingID#2210140040005955

[Tom to Bcc] Hi Douglas: This is the thread for your question 3 below. I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Tom Jebo Sent: Friday, October 14, 2022 11:35 AM To: Do

Re: [cifs-protocol] [EXTERNAL] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - TrackingID#2210140040005919

Hi Douglas: This thread is for 2nd question for your question 2 below. I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Douglas Bagnall Sent: Thursday, October 13, 2022 11:23

Re: [cifs-protocol] [EXTERNAL] Re: [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length - TrackingID#2210140040006056

[Tom to Bcc] Hi Douglas: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Tom Jebo Sent: Friday, October 14, 2022 11:50 AM To: Douglas Bagnall ; cifs-protocol@lists.samba.org;

Re: [cifs-protocol] [EXTERNAL] [MS-XCA] LZ77+ Huffman questions EOF/256 and decoded file length [ - TrackingID#2210140040005892

[Tom to Bcc] Hi Douglas: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Tom Jebo Sent: Friday, October 14, 2022 11:35 AM To: Douglas Bagnall ; cifs-protocol@lists.samba.org;

[cifs-protocol] [MS-ADTS] SID as DN alternative for querying groups by member - TrackingID#2209290040008412

Hi Christof: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Christof Schmitt Sent: Thursday, September 29, 2022 5

[cifs-protocol] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850

Hi Andreas: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Andreas Schneider Sent: Tuesday, June 21, 2022 8:00 AM

Re: [cifs-protocol] [EXTERNAL] Re: Can I please get any doc updates for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931 - TrackingID#2205110040000723

Hi Andrew: In addition to MS-WCCE and MS-CRTD, MS-PKCA was modified for CVE-2022-26931. The changes are published as errata. You can find the changes here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/85d75079-92de-47e6-a1c1-7e4fd7f27a10 No changes were made to any AD

Re: [cifs-protocol] Anonymous access to lsarpc changes (LSA Spoofing): Can I please get any doc updates for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925 - TrackingID#2205110040

Hi Andrew: After CVE-2022-26925, if a client connects to MS-EFSR server over lsarpc pipe and authenticates anonymous, use of any of the interfaces listed in MS-EFSR will receive RPC_S_ACCESS_DENIED. I have filed a bug to document this in MS-EFSR. Please let me know if this does not answer your

Re: [cifs-protocol] Anonymous access to lsarpc changes (LSA Spoofing): Can I please get any doc updates for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925 - TrackingID#2205110040

Hi Andrew: There is really no protocol level changes for CVE-2022-26925. Here is what is done to lockdown the anonymous access on lsarpc named pipe. This change is only effective for MS-EFSR protocol. When the EFS service registers with lsarpc endpoint, it now specifies RPC_IF_ALLOW_SECURE_ONLY

Re: [cifs-protocol] Anonymous access to lsarpc changes (LSA Spoofing): Can I please get any doc updates for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925 - TrackingID#2205110040

Hi Andrew: There are no doc changes for CVE-2022-26925. I am looking into it and let you know if any doc changes are warranted. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Sreekanth Nadendla Sent: Tuesday, May 10, 2022 9:16 PM To: Andrew Bartlett Cc

Re: [cifs-protocol] Can I please get any doc updates for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931 - TrackingID#2205110040000723

Hi Andrew: The Errata is updated for the CVE-2022-26931. The links to changes are as follows: * MS-CRTD: [MS-WINERRATA]: Certificate Templates Structure | Microsoft Docs https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_proto

[cifs-protocol] MS-PAC new buffers 17 and 18 - TrackingID#2112060040006918

Hi Isaac: Thanks for brining this to our attention. While you found the answer, we would still like to include this info in our documentation. We will look into this and a bug will be filed against the document MS-PAC if needed Regards, Obaid Farooqi Escalation Engineer | Microsoft -Origina

Re: [cifs-protocol] [EXTERNAL] [MS-SFU] Clarify the new NonForwardableDelegation flag - TrackingID#2107090040004014

Hi Isaac: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Jeff McCashland Sent: Friday, July 9, 2021 11:55 AM To: Isaac Boukris ; cifs-protocol@lists.samba.org; Greg Hudson

Re: [cifs-protocol] [EXTERNAL] SMB2 Create replay with multichannel - TrackingID#2105010040000535

Hi metze: I am archiving this case. Please reach out to us when you are ready to work on this issue and we'll help you resolve this issue. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, May 20, 2021 4:14 PM To: metze Cc: '

Re: [cifs-protocol] [EXTERNAL] SMB2 Create replay with multichannel - TrackingID#2105010040000535

Hi metze: I can't do it without traces. Can you please send me traces for this scenario? Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Wednesday, May 12, 2021 1:37 PM To: metze Cc: cifs-protocol@lists.samba.org; Obaid Farooqi Subjec

Re: [cifs-protocol] [EXTERNAL] SMB2 Create replay with multichannel - TrackingID#2105010040000535

Hi metze: I am waiting for your traces on this. I did code browsing to figure out what is going on but I do see the code that is supposed to return file_unavailable. So, traces are needed to figure out what is happening. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Mess

Re: [cifs-protocol] MS-SMB2/MS-FSA: setting SD inherited ACL flag "... - TrackingID#2105100040001378

Hi Ralph: What you are describing is documented in MS-DTYP section "2.4.6 SECURITY_DESCRIPTOR", as follows: " DC | Set when the DACL is to be computed through inheritance. When both DC and DI DACL Computed Inheritance Required

Re: [cifs-protocol] [EXTERNAL] Re: MS-SMB2/MS-FSA: setting SD inherited ACL flag "DACL Auto-Inherited" (DI)

Hi Ralph: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Ralph Boehme Sent: Monday, May 10, 2021 3:22 AM To: Interoperability Documentation Help Cc: cifs-protocol@lists.samb

Re: [cifs-protocol] [EXTERNAL] SMB2 Create replay with multichannel - TrackingID#2105010040000535

Hi metze: Can you please send me the network trace from Windows server side and collect t.cmd traces at the same and upload the network capture and the t*.cab to the following link? I have uploaded the t.cmd file to the following link in t_cmd.zip. On the server, 1. open an elevated cmd windows 2

Re: [cifs-protocol] [EXTERNAL] SMB2 Create replay with multichannel - TrackingID#2105010040000535

Hi Metze: I will help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Hung-Chun Yu Sent: Saturday, May 1, 2021 12:52 PM To: metze Cc: cifs-protocol@lists.samba.org; Hung-Chun Yu Subj

Re: [cifs-protocol] [EXTERNAL] Re: GUI and AD LDAP settings required to enable FAST - TrackingID#2104270040006933

Hi Andrew, Metze: MS-KILE describes the following way to determine is realm supports FAST. MS-KILE section " 3.2.5.4 Using FAST When the Realm Supports FAST" ( https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/1db3d89f-4eb6-4ca5-88c2-e4cc5097db86 ) states that: " In addition t

Re: [cifs-protocol] GUI and AD LDAP settings required to enable FAST - TrackingID#2104270040006933

Hi Andrew: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Jeff McCashland Sent: Tuesday, April 27, 2021 11:28 AM To: metze ; Andrew Bartlett Cc: cifs-protocol mailing list ;

Re: [cifs-protocol] [EXTERNAL] Re: Remote pwd change when "must change at next logon" is set? - TrackingID#2104090040000113

Hi Volker: I am working on it. So far what I see is this: 1. If I have a stand alone server, I can change the password but before changing the password, I need to setup an SMB session to this stand alone server as the administrator (I did not try a standard user), then I can change the passwor

[cifs-protocol] Remote pwd change when "must change at next logon" is set? - TrackingID#2104090040000113

Hi Volker: It is not clear from your description as to what exactly is happening. Can you please provide detailed steps so that I can understand this issue? Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Volker Lendecke Sent: Thursday, April 8, 2021 4:13

Re: [cifs-protocol] [EXTERNAL] RE: [120102224009784] are reparse points and EAs really mutually exclusive?

Hi Aurelien: I asked the PG and they told me that since windows 8.1, both reparse point and EAs can coexist. Please let me know if this does not answer your question. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Aurélien Aptel Sent: Monday, October

Re: [cifs-protocol] [120102224009784] are reparse points and EAs really mutually exclusive?

Hi Aurelian: Can you please provide the same output for a file that you know for sure has a reparse point with some reparse data? Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, October 22, 2020 1:17 PM To: Aurelien Aptel

Re: [cifs-protocol] [120102224009784] are reparse points and EAs really mutually exclusive?

Hi Aurelien: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Aurelien Aptel Sent: Thursday, October 22, 2020 5:53

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120081821001388] LDAP connections have hard timelimit of one hour?

Hi Metze: I have filed two bugs to document the behaviors: first one for the details of the timer when Kerberos ticket is expired and second one for incorrectly encoding the ExtendedResponse in LDAP error message. Please let me know if it does not answer your question. Regards, Obaid Farooqi Es

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: Please send me requested traces. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, August 27, 2020 1:36 PM To: Stefan Metzmacher Cc: cifs-protocol@lists.samba.org; support Subject: RE: [EXTERNAL] Re: [REG:12008032

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: Please send me ttt traces of lsass process of these behaviors. I have uploaded PartnerTTDRecorder_x86_x64.zip to the following link. Please extract the contents of amd64\TTD folder to your DC in directory c:\ttt. https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciO

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: Thanks for the info. I'll look into this and will get back to you when I have an answer. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Stefan Metzmacher Sent: Friday, August 14, 2020 3:24 AM To: Obaid Farooqi Cc: cifs-protocol@lists.samba.o

Re: [cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: This information that you provided is not sufficient to figure out what is happening from the server side that is causing client to issue error. Can you please provide more details and possibly a network capture? Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Me

Re: [cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: In case of Windows-Windows, error 52 is generated by the client side (server does not generate this error). How and where you are getting this error? Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, August 6, 2020 1

Re: [cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Hi Metze: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Bryan Burgin Sent: Monday, August 3, 2020 12:39 PM To: Stefan Metzmacher Cc: cifs-protocol@lists.samba.org; support

Re: [cifs-protocol] character escaping in DN and canonicalName [120072224000698]

Hi Douglas: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Douglas Bagnall Sent: Tuesday, July 21, 2020 9:22 PM

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120063021002364] Clarification on length limit in SMB2_FILE_RENAME_INFORMATION filename

Hi Jeremy: MS-SMB2 already addresses this issue from the client perspective. Please check out https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/0900604e-b2d0-4fc3-a804-a61515eba43b#Appendix_A_Target_126 " : In a SET_INFO request where FileInfoClass is set to FileRenameInformat

Re: [cifs-protocol] [EXTERNAL] Re: MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Hi Isaac: No. The shortname is also part of the bug. So e.g. if the domain is wef2.local and name is forwarder the attribute should have the value altfwd.wef2.local after you execute the following command: Netdom computername forwarder /add:altfwd.wef2.local Regards, Obaid Farooqi Escalatiion E

Re: [cifs-protocol] [EXTERNAL] Re: MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Hi Isaac: This is a known bug and is fixed in the upcoming release of Windows. I have filed a bug to document this behavior in MS-ADTS. Please let me know if it does not answer your question. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Isaac Boukris

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120063021002364] Clarification on length limit in SMB2_FILE_RENAME_INFORMATION filename

Hi Jeremy: The size of the rename info in the packet is compared to the sizeof(FILE_RENAME_INFORMATION_TYPE_1). MS-FSCC shows on the wire format (serialized). In code the size of this structure is 24 bytes. In case of one character the size becomes 22 and an error is generated since this is lowe

Re: [cifs-protocol] [REG:120063021002364] Clarification on length limit in SMB2_FILE_RENAME_INFORMATION filename

Hi Jeremy: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Bryan Burgin Sent: Tuesday, June 30, 2020 4:29 PM To: Jeremy Allison ; cifs-protocol@lists.samba.org Cc: s...@samba

Re: [cifs-protocol] MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Hi Isaac: Is there an easy wasy to reproduce this? It appears that joing a computer to a domain will trigger this but I am not sure if the creation of a computer object always results in creation of this attribute. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message---

Re: [cifs-protocol] SMB2_CREATE pathname "x\..\y.txt" -> STATUS_INVALID_PARAMETER? [120061624003369]

Hi Volker: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Volker Lendecke Sent: Tuesday, June 16, 2020 10:03 AM

Re: [cifs-protocol] MS-ADTS: DC handling of modification to msDS-AdditionalDnsHostName [120061624003212]

Hi Isaac: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Isaac Boukris Sent: Tuesday, June 16, 2020 5:45 AM To:

Re: [cifs-protocol] [EXTERNAL] Re: Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: All you said is spot on. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Jeremy Allison Sent: Tuesday, June 2, 2020 1:51 PM To: Obaid Farooqi Cc: Steve French ; cifs-protocol ; Stefan Metzmacher ; Bradley Suinn ; support ; j...@samba.org

Re: [cifs-protocol] [EXTERNAL] Re: Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: Windows redirector neither dictates the number of bytes read nor it checks for returned bytes. It is not a bug on redirector. Redirector's behavior is clearly documented in the MS-SMB2. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Steve Fre

Re: [cifs-protocol] [EXTERNAL] Re: Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: I have filed a bug against MS-SMB2 to document the behavior of Windows for this scenario. Please let me know if it does not answer your question. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Jeremy Allison Sent: Tuesday, May 26, 2020 4:

Re: [cifs-protocol] [EXTERNAL] Re: Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: Thanks. I'll look into these and will be in touch as soon as I have an snswer. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Jeremy Allison Sent: Tuesday, May 26, 2020 4:21 PM To: Obaid Farooqi Cc: cifs-protocol ; Stefan Metzmacher ; Bradl

Re: [cifs-protocol] Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: When you conducted this experiment, what tool on the Windows client you used? Also please upload the wireshark trace to the following link: File Transfer - Case 120051422002815 https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiZjk5NGVkMjEtOG

Re: [cifs-protocol] Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: I'll help you with this issue and will be in touch as soon as I have an answer. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Obaid Farooqi Sent: Thursday, May 14, 2020 1:16 PM To: Jeremy Allison ; cifs-protocol ; Stefan Metzmacher ; Bradle

Re: [cifs-protocol] Clarification on expected behavior with SMB2 short reads/writes. [120051422002815]

Hi Jeremy: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft -Original Message- From: Jeremy Allison Sent: Thursday, May 14, 2020 12:32 PM T

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120042221001608] MS-KILE | Handling of more than one AD-IF-RELEVANT in Windows

Hi Isaac: I verified that Windows only look for first occurrence of AD-IF-RELEVANT in the AP authenticator when looking for AD-AP-OPTIONS. I have filed a bug to update MS-KILE. Please let me know if this does not answer your question. Regards, Obaid Farooqi Escalatiion Engineer | Microsoft --

Re: [cifs-protocol] [EXTERNAL] Re: [REG:120042221001608] MS-KILE | Handling of more than one AD-IF-RELEVANT in Windows

Hi Isaac: Browsing the code suggest that Windows does entertain the idea of multiple AD-IF-RELEVNET's but your experience is different. That's why we asked for traces to get to the bottom of this but unfortunately, the traces you sent do not load in debugger. This almost never happens. Would yo

Re: [cifs-protocol] [EXTERNAL] Re: dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]

dNSProperty parsing of > DSPROPERTY_ZONE_NS_SERVERS_DA in particular [12004062205] > > G'Day Obiad, > > Any news on this one? > > Thanks, > > Andrew Bartlett > > On Mon, 2020-04-06 at 01:44 +, Obaid Farooqi via cifs-protocol > wrote: > >

Re: [cifs-protocol] [EXTERNAL] Re: dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]

April 22, 2020 4:59 PM > To: Obaid Farooqi ; cifs-protocol mailing list > > Cc: support > Subject: [EXTERNAL] Re: [cifs-protocol] dNSProperty parsing of > DSPROPERTY_ZONE_NS_SERVERS_DA in particular [12004062205] > > G'Day Obiad, > > Any news on this one? >

Re: [cifs-protocol] [EXTERNAL] Re: dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]

ng of DSPROPERTY_ZONE_NS_SERVERS_DA in particular [12004062205] G'Day Obiad, Any news on this one? Thanks, Andrew Bartlett On Mon, 2020-04-06 at 01:44 +0000, Obaid Farooqi via cifs-protocol wrote: > Hi Andrew: > Thanks for contacting Microsoft. I have created a case to track this > issue. A

Re: [cifs-protocol] dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particular [120040622000005]

Hi Andrew: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -Original Message- From: Andrew Bartlett Sent: Sunday, April 5, 2020 6:44 PM To:

Re: [cifs-protocol] [EXTERNAL] Re: 120022021002221 MS-ADTS | Optional LDAP channel-binding in Windows

Hi Isaac: I found the MS-ADTS section "5.1.2 Message Security" to be most appropriate for this information. So I filed a bug against MS-ADTS. Regards, Obaid Farooqi Escalation Engineer | Microsoft Exceeding your expectations is my highest priority.  If you would like to provide feedback on you

Re: [cifs-protocol] 120022021002221 MS-ADTS | Optional LDAP channel-binding in Windows

Hi Isaac: The clients that support channel binding will include a channel binding regardless. The ones that are patched will include a proper channel binding and once that are not patched will include a channel binding of zeros. The clients that do not have channel binding capability will not in

  1   2   >