[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: Re: [cifs-protocol] [EXTERNAL] Re: 120022021002221 MS-ADTS | Optional LDAP channel-binding in Window
From: Obaid Farooqi via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2020-03-08 18:13:57
Message-ID: CY4PR21MB07923E86D5DB1CFD70AD3ED3C6E10 () CY4PR21MB0792 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hi Isaac:
I found the MS-ADTS section "5.1.2 Message Security" to be most appropriate for this \
information. So I filed a bug against MS-ADTS.
Regards,
Obaid Farooqi
Escalation Engineer | Microsoft
Exceeding your expectations is my highest priority. If you would like to provide \
feedback on your case you may contact my manager at ramagane at Microsoft dot com
-----Original Message-----
From: Isaac Boukris <iboukris@gmail.com>
Sent: Saturday, February 29, 2020 2:50 AM
To: Obaid Farooqi <obaidf@microsoft.com>
Cc: Stefan Metzmacher <metze@samba.org>; Simo Sorce <simo@redhat.com>; \
cifs-protocol@lists.samba.org; support <support@mail.support.microsoft.com>; Greg \
Hudson <ghudson@mit.edu>
Subject: [EXTERNAL] Re: 120022021002221 MS-ADTS | Optional LDAP channel-binding in \
Windows
Hi Obaid,
Thanks for explaining this, I also found the description ApplicationRequiresCBT in \
MS-KILE 3.2.5.8 AP Exchange, and 3.4.5, which matches LdapEnforceChannelBindings=2, \
perhaps it would be a good place to document LdapEnforceChannelBindings=1 as well.
Regards.
On Sat, Feb 29, 2020 at 1:50 AM Obaid Farooqi <obaidf@microsoft.com> wrote:
>
> The clients that support channel binding will include a channel binding regardless. \
> The ones that are patched will include a proper channel binding and once that are \
> not patched will include a channel binding of zeros.
> The clients that do not have channel binding capability will not include channel \
> binding at all.
> I am looking into as to where to document this and will update you
>
> Please let me know if this does not answers your question.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Tom Jebo <tomjebo@microsoft.com>
> Sent: Thursday, February 20, 2020 4:19 PM
> To: Isaac Boukris <iboukris@gmail.com>; Stefan Metzmacher
> <metze@samba.org>; Simo Sorce <simo@redhat.com>;
> cifs-protocol@lists.samba.org
> Cc: support <support@mail.support.microsoft.com>
> Subject: RE: 120022021002221 MS-ADTS | Optional LDAP channel-binding
> in Windows
>
> [dochelp to bcc]
> [support to cc]
>
> Hi Isaac,
>
> Thank you for you question about LDAP channel-binding. One of the Open \
> Specifications team members will respond to begin assisting you with this question. \
> In the meantime, I've created case 120022021002221 to track and added the case \
> number to the subject of this email. Please leave the case number in the subject \
> and refer to it when communicating about this issue with us.
> Best regards,
> Tom Jebo
> Sr Escalation Engineer
> Microsoft Open Specifications
>
> -----Original Message-----
> From: Isaac Boukris <iboukris@gmail.com>
> Sent: Thursday, February 20, 2020 12:11 PM
> To: Interoperability Documentation Help <dochelp@microsoft.com>;
> Stefan Metzmacher <metze@samba.org>; Simo Sorce <simo@redhat.com>;
> cifs-protocol@lists.samba.org
> Subject: [EXTERNAL] MS-ADTS | Optional LDAP channel-binding in Windows
>
> Hello dochelp,
>
> Another question on channel-binding in LDAP, per:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupp
> ort.microsoft.com%2Fen-us%2Fhelp%2F4034879&data=02%7C01%7Cobaidf%4
> 0microsoft.com%7Cb1b8878b7b2041af076e08d7bcf4661c%7C72f988bf86f141af91
> ab2d7cd011db47%7C1%7C0%7C637185630180966255&sdata=VLJLaVAqWHWzImv%
> 2FHkITlWuTNAkDUP38On5ieupJa%2B8%3D&reserved=0
>
> The documentation says that when LdapEnforceChannelBindings=1 only client that \
> supports channel-bindings are required to provide it. Can you please document how \
> does this work? How the server knows the client version to apply this logic?
Isaac
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic