
List:       cifs-protocol
Subject:    Re: [cifs-protocol] [REG:114112412079949] Is MS-ADTS DL_DRSGetMemberships correct for workstation tr
From:       Andrew Bartlett <abartlet () samba ! org>
Date:       2014-12-02 23:13:40
Message-ID: 1417562020.16985.29.camel () samba ! org

On Tue, 2014-12-02 at 23:06 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> As per MS-DRSR, section "4.1.8.2.4 GetDSNameOfEnterpriseRODCsGroup", the procedure
> GetDSNameOfEnterpriseRODCsGroup is going to return an object whose Sid is <domain
> SID>-498. This SID is for the group object CN=Enterprise Read-Only Domain
> Controllers.
> So the following snippet in effect will add the DSName of the above object to the
> wSet if u object happens to be a workstation or an RODC. The workstation object is
> not added to set.
>
> if((u!userAccountControl & ADS_UF_WORKSTATION_TRUST_ACCOUNT = ADS_UF_WORKSTATION_TRUST_ACCOUNT) or
>    (u!userAccountControl & ADS_UF_PARTIAL_SECRETS_ACCOUNT = ADS_UF_PARTIAL_SECRETS_ACCOUNT))
>   wSet := wSet + GetDSNameOfEnterpriseRODCsGroup()
> endif
> 
> Please let me know if I did not understand your question correctly or the above
> explanation does not answer your question.

I agree that is what it does, but is that what it should do, in the
context?  Shouldn't we be adding this to the set only if we are an RODC,
but not if we are a workstation?  

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
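
Added example, not part of the original message and not code from Samba or MS-ADTS: the quoted condition beside the RODC-only alternative asked about in the reply, evaluated over constructed sample accounts to show where the two differ. The domain SID and the sample userAccountControl values are constructed, and a SID string stands in for the DSName that GetDSNameOfEnterpriseRODCsGroup() would return.

```python
# Standard ADS_UF_* userAccountControl bits.
ADS_UF_NORMAL_ACCOUNT = 0x00000200
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000
ADS_UF_SERVER_TRUST_ACCOUNT = 0x00002000
ADS_UF_PARTIAL_SECRETS_ACCOUNT = 0x04000000

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder
ENTERPRISE_RODCS_SID = DOMAIN_SID + "-498"  # <domain SID>-498, per the quoted text


def has_flag(uac, flag):
    # Parenthesised on purpose: transcribed literally into C,
    # `uac & flag == flag` would parse as `uac & (flag == flag)`.
    return (uac & flag) == flag


def quoted_condition(uac):
    """Condition as quoted in the thread: workstation OR partial-secrets."""
    return (has_flag(uac, ADS_UF_WORKSTATION_TRUST_ACCOUNT)
            or has_flag(uac, ADS_UF_PARTIAL_SECRETS_ACCOUNT))


def rodc_only_condition(uac):
    """Alternative asked about in the reply: partial-secrets (RODC) only."""
    return has_flag(uac, ADS_UF_PARTIAL_SECRETS_ACCOUNT)


def extra_memberships(uac, condition):
    """SIDs the snippet would add to wSet for an account with this uac."""
    return {ENTERPRISE_RODCS_SID} if condition(uac) else set()


# Constructed sample accounts (assumption: an RODC's computer account
# carries both the workstation-trust and partial-secrets bits).
SAMPLES = {
    "workstation": ADS_UF_WORKSTATION_TRUST_ACCOUNT,
    "rodc": ADS_UF_WORKSTATION_TRUST_ACCOUNT | ADS_UF_PARTIAL_SECRETS_ACCOUNT,
    "writable_dc": ADS_UF_SERVER_TRUST_ACCOUNT,
    "user": ADS_UF_NORMAL_ACCOUNT,
}


def disagreements():
    """Names of sample accounts for which the two conditions differ."""
    return sorted(name for name, uac in SAMPLES.items()
                  if extra_memberships(uac, quoted_condition)
                  != extra_memberships(uac, rodc_only_condition))


if __name__ == "__main__":
    print(disagreements())
```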



