[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] 117052515795450, 117052515795477, 117052515795488
From: Sreekanth Nadendla via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2017-05-25 21:24:34
Message-ID: DM5PR21MB0505BE38DBC6AEDF7CF28F96C5FF0 () DM5PR21MB0505 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hello Andrew, we will be assisting you with questions 1,2,3 and 4 below. Af=
ter initial review, we will start separate e-mail threads for my questions/=
thoughts for these issues to continue the investigation.
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
From: Bryan Burgin
Sent: Wednesday, May 24, 2017 10:10 PM
To: abartlet@samba.org; cifs-protocol@lists.samba.org; garming@catalyst.net=
.nz
Cc: MSSolve Case Email <casemail@microsoft.com>
Subject: 117052515795450: Q1 of 4: WDigest package of supplementalCredentia=
ls attribute
[dochelp on bcc]
[+casemail]
Andrew,
Today we create four cases per your request. This thread concerns issue Q1=
of 4:
Case 1: WDigest package of supplementalCredentials attribute
Documentation of pre-computation hash in WDigest property is wrong.
Construction is inverted. Needs to fix the document.
[MS-SAMR]
3.1.1.8.11.3 Primary:WDigest Property
https://msdn.microsoft.com/en-us/library/cc245679.aspx
3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction
https://msdn.microsoft.com/en-us/library/cc245680.aspx
An engineer will contact you about each of these issues on separate threads=
soon.
The other cases, to pull all the threads together, are specified below.
Bryan
Q1: 117052515795450: WDigest package of supplementalCredentials attribute
Q2: 117052515795463: Which change password is proxied from RODC to PDC?
Q3: 117052515795477: Does a BadPwdCount reset also reset some UF flags or o=
ther attributes?
Q4: 117052515795488: Client behavior guidance of DRS_GET_TGT flag in GetNCC=
hanges
Case 1: WDigest package of supplementalCredentials attribute
Documentation of pre-computation hash in WDigest property is wrong.
Construction is inverted. Needs to fix the document.
[MS-SAMR]
3.1.1.8.11.3 Primary:WDigest Property
https://msdn.microsoft.com/en-us/library/cc245679.aspx
3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction
https://msdn.microsoft.com/en-us/library/cc245680.aspx
Case 2: Which change password is proxied from RODC to PDC?
Is it expected that RODC should be able to proxy Kerberos change password t=
o the RWDC?
Currently, Samba does proxy authentication, realm trust requests, but are n=
ot proxing any password change.
Case 3: Does a BadPwdCount reset also reset some UF flags or other attribut=
es?
BadPwdCount is local. When it's reset, does it trigger a reset of some othe=
r replicable flags or attributes so that the user is not locked out elsewhe=
re?
Case 4: Client behavior guidance of DRS_GET_TGT flag in GetNCChanges
The request is to provide clarity so that the server side can implement DR=
S_GET_TGT poperly.
DRS_GET_TGT flag syncing particular link values.
Needs tag object clarification, when linked object is deleted, or not prese=
nt, etc.
[MS-DRSR]
4.1.10 IDL_DRSGetNCChanges (Opnum 3)
https://msdn.microsoft.com/en-us/library/dd207691.aspx
4.1.10.5 Server Behavior of the IDL_DRSGetNCChanges Method
https://msdn.microsoft.com/en-us/library/dd207741.aspx
4.1.10.6 Client Behavior When Receiving the IDL_DRSGetNCChanges
https://msdn.microsoft.com/en-us/library/dd207757.aspx
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello Andrew, we will be assisting you with questions 1,2,3 and \
4 below. After initial review, we will start separate e-mail threads for my \
questions/thoughts for these issues to continue the investigation. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Sreekanth Nadendla<o:p></o:p></p>
<p class="MsoNormal">Microsoft Windows Open Specifications<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Bryan Burgin <br>
<b>Sent:</b> Wednesday, May 24, 2017 10:10 PM<br>
<b>To:</b> abartlet@samba.org; cifs-protocol@lists.samba.org; \
garming@catalyst.net.nz<br> <b>Cc:</b> MSSolve Case Email \
<casemail@microsoft.com><br> <b>Subject:</b> 117052515795450: Q1 of 4: WDigest \
package of supplementalCredentials attribute<o:p></o:p></p> </div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[dochelp on bcc]<o:p></o:p></p>
<p class="MsoNormal">[+casemail]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Andrew,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Today we create four cases per your request. This thread \
concerns issue Q1 of 4:<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Case 1: WDigest package of \
supplementalCredentials attribute<o:p></o:p></p> <p class="MsoNormal" \
style="margin-left:.5in">Documentation of pre-computation hash in WDigest property is \
wrong.<o:p></o:p></p> <p class="MsoNormal" style="margin-left:.5in">Construction is \
inverted. Needs to fix the document.<o:p></o:p></p> <p class="MsoNormal" \
style="margin-left:.5in">[MS-SAMR]<o:p></o:p></p> <p class="MsoNormal" \
style="margin-left:.5in">3.1.1.8.11.3 Primary:WDigest Property<o:p></o:p></p> <p \
class="MsoNormal" style="margin-left:.5in"><a \
href="https://msdn.microsoft.com/en-us/library/cc245679.aspx">https://msdn.microsoft.com/en-us/library/cc245679.aspx</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">3.1.1.8.11.3.1 WDIGEST_CREDENTIALS \
Construction<o:p></o:p></p> <p class="MsoNormal" style="margin-left:.5in"><a \
href="https://msdn.microsoft.com/en-us/library/cc245680.aspx">https://msdn.microsoft.com/en-us/library/cc245680.aspx</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><o:p> </o:p></p>
<p class="MsoNormal">An engineer will contact you about each of these issues on \
separate threads soon.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The other cases, to pull all the threads together, are specified \
below.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Bryan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Q1: 117052515795450: WDigest package of supplementalCredentials \
attribute<o:p></o:p></p> <p class="MsoNormal">Q2: 117052515795463: Which change \
password is proxied from RODC to PDC?<o:p></o:p></p> <p class="MsoNormal">Q3: \
117052515795477: Does a BadPwdCount reset also reset some UF flags or other \
attributes?<o:p></o:p></p> <p class="MsoNormal">Q4: 117052515795488: Client behavior \
guidance of DRS_GET_TGT flag in GetNCChanges<o:p></o:p></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Case 1: WDigest package of supplementalCredentials \
attribute<o:p></o:p></p> <p class="MsoNormal">Documentation of pre-computation hash \
in WDigest property is wrong.<o:p></o:p></p> <p class="MsoNormal">Construction is \
inverted. Needs to fix the document.<o:p></o:p></p> <p \
class="MsoNormal">[MS-SAMR]<o:p></o:p></p> <p class="MsoNormal">3.1.1.8.11.3 \
Primary:WDigest Property<o:p></o:p></p> <p class="MsoNormal"><a \
href="https://msdn.microsoft.com/en-us/library/cc245679.aspx">https://msdn.microsoft.com/en-us/library/cc245679.aspx</a><o:p></o:p></p>
<p class="MsoNormal">3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction<o:p></o:p></p>
<p class="MsoNormal"><a \
href="https://msdn.microsoft.com/en-us/library/cc245680.aspx">https://msdn.microsoft.com/en-us/library/cc245680.aspx</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Case 2: Which change password is proxied from RODC to \
PDC?<o:p></o:p></p> <p class="MsoNormal">Is it expected that RODC should be able to \
proxy Kerberos change password to the RWDC?<o:p></o:p></p> <p \
class="MsoNormal">Currently, Samba does proxy authentication, realm trust requests, \
but are not proxing any password change.<o:p></o:p></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Case 3: Does a \
BadPwdCount reset also reset some UF flags or other attributes?<o:p></o:p></p> <p \
class="MsoNormal">BadPwdCount is local. When it's reset, does it trigger a reset of \
some other replicable flags or attributes so that the user is not locked out \
elsewhere?<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Case 4: Client behavior guidance of DRS_GET_TGT flag in \
GetNCChanges<o:p></o:p></p> <p class="MsoNormal">The request is to provide clarity so \
that the server side can implement DRS_GET_TGT poperly. <o:p></o:p></p>
<p class="MsoNormal">DRS_GET_TGT flag syncing particular link values. <o:p></o:p></p>
<p class="MsoNormal">Needs tag object clarification, when linked object is deleted, \
or not present, etc.<o:p></o:p></p> <p class="MsoNormal">[MS-DRSR]<o:p></o:p></p>
<p class="MsoNormal">4.1.10 IDL_DRSGetNCChanges (Opnum 3)<o:p></o:p></p>
<p class="MsoNormal"><a \
href="https://msdn.microsoft.com/en-us/library/dd207691.aspx">https://msdn.microsoft.com/en-us/library/dd207691.aspx</a><o:p></o:p></p>
<p class="MsoNormal">4.1.10.5 Server Behavior of the IDL_DRSGetNCChanges \
Method<o:p></o:p></p> <p class="MsoNormal"><a \
href="https://msdn.microsoft.com/en-us/library/dd207741.aspx">https://msdn.microsoft.com/en-us/library/dd207741.aspx</a><o:p></o:p></p>
<p class="MsoNormal">4.1.10.6 Client Behavior When Receiving the IDL_DRSGetNCChanges
<o:p></o:p></p>
<p class="MsoNormal"><a \
href="https://msdn.microsoft.com/en-us/library/dd207757.aspx">https://msdn.microsoft.com/en-us/library/dd207757.aspx</a><o:p></o:p></p>
</div>
</body>
</html>
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
--===============1413770421807238657==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic