'Re: [cifs-protocol] =?utf-8?q?=5BEXTERNAL=5D_=5BMS-ADTS=5D_GetgMSAPa?='

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    Re: [cifs-protocol]  =?utf-8?q?=5BEXTERNAL=5D_=5BMS-ADTS=5D_GetgMSAPa?=
From:       Obaid Farooqi via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2023-11-24 8:11:55
Message-ID: MN2PR21MB1390888ACB0C1BFE795216D3C6B8A () MN2PR21MB1390 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]

Hi Joseph:
Thanks for bringing this to our attention. You are right. The correct formula would \
be

(TO!msDS-ManagedPasswordInterval × 24 ∕ 10) × KeyCycleDuration

I have filed a bug to address issue in the document.

Please let me know if this does not answer your question.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Jeff McCashland (He/him) <jeffm@microsoft.com>
Sent: Wednesday, November 22, 2023 7:58 PM
To: Joseph Sutton <jsutton@samba.org>; cifs-protocol@lists.samba.org
Cc: Microsoft 365 Smart Support Mailbox <support@microsoft.com>
Subject: RE: [EXTERNAL] [MS-ADTS] GetgMSAPasswordBlob — Calculation of rollover \
interval - TrackingID#2311230040000495

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Joseph,

Thank you for your question. We have created SR 2311230040000495 to track this issue. \
One of our engineers will respond soon.

Note that due to the U.S. Thanksgiving holiday, the response may be delayed until \
Monday at the latest.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open \
                Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific \
Time (US and Canada) Local country phone number found here: \
http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Joseph Sutton <jsutton@samba.org>
Sent: Wednesday, November 22, 2023 5:07 PM
To: cifs-protocol@lists.samba.org; Interoperability Documentation Help \
                <dochelp@microsoft.com>
Subject: [EXTERNAL] [MS-ADTS] GetgMSAPasswordBlob — Calculation of rollover \
interval

Hi dochelp,

I think there may be an error — or at least some opportunity for confusion — in \
the documentation for GetgMSAPasswordBlob ([MS-ADTS] 3.1.1.4.5.39, \
"msDS-ManagedPassword"). The documentation states that GKDIRolloverInterval is equal \
to:

(TO!msDS-ManagedPasswordInterval × 24 ∕ KeyCycleDuration) × KeyCycleDuration

GKDIRolloverInterval is later added to the time returned by GKDIGetKeyStartTime(), \
implying that the former value is measured in 100ns units as is the latter. However, \
the expression given in the documentation appears to be equivalent to \
‘TO!msDS-ManagedPasswordInterval × 24', which would produce a quantity in hours.

If GKDIRolloverInterval is meant to be a FILETIME, I think the correct expression \
should be:

TO!msDS-ManagedPasswordInterval × 24 × 60 × 60 × 10⁷

This gives an answer consistent with the results I'm seeing from Windows.

Regards,
Joseph
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

[prev in list] [next in list] [prev in thread] [next in thread] 