Andrew,
After investigation , we have the following responses to your questions.
(1) For NtVersion field in NETLOGON_SAM_LOGON_RESPONSE_EX or
NETLOGON_SAM_LOGON_RESPONSE, The returned value always has
NETLOGON_NT_VERSION_1 bit turned on , in addition to the original request.
For example, if 04:00:00:00 (NETLOGON_NT_VERSION_5EX) is sent as request,
NETLOGON_SAM_LOGON_RESPONSE response will be returned with NtVersion equal to
05 (NETLOGON_NT_VERSION_5EX | NETLOGON_NT_VERSION_1). For request
08:00:00:00(NETLOGON_NT_VERSION_5EX_IP), the response will be 0D
((NETLOGON_NT_VERSION_5EX | NETLOGON_NT_VERSION_5EX_IP|NETLOGON_NT_VERSION_1).
We will update the documentation in the future release.
(2) lmNTToken and NT20Token should be 0xFFFF. We will incorporate the
changes to the documentation.
Please don't hesitate to let us know if you have more questions.
Thanks
----------------------------------------------------------
Hongwei Sun - Support Escalation Engineer
DSC Protocol Team, Microsoft
[EMAIL PROTECTED]
Tel: 469-7757027 x 57027
-----------------------------------------------------------
-----Original Message-----
In the documentation for the LDAP "ping", the values for certain fields are
specified in the 'netlogon' blob returned.
I'm looking at the expected values for a few things...
NtVersion.
---------
It is stated that this value is NETLOGON_NT_VERSION_5. On the wire, when
querying with
(&(&(&(NtVer=04:00:00:00)(User=Administrator))(Host=__cldap_torture__))(DnsDomain=ad.naomi.abartlet.net))
The returned value is 0x05. This appears to map (see my previous mail) to
NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1.
Also for
(&(&(&(NtVer=08:00:00:00)(User=Administrator))(Host=__cldap_torture__))(DnsDomain=ad.naomi.abartlet.net))
The returned value is 0x0d. This appears to map (see my previous mail) to
NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|
NETLOGON_NT_VERSION_1.
This is packed in a NETLOGON_SAM_LOGON_RESPONSE_EX by win2k3, so the
docmentation claims (7.3.3.2) that is should be NETLOGON_NT_VERSION_5EX.
LmNTToken and NT20Token
-----------------------
Similarly, it is stated that the (presumably ignored) LmNTToken and Nt20Token
values are 0xFF. On the network Win2k3 sends 0xFFFF for both.
Are any of the expected values in this document backed by a testcase that shows
them to be true?
It also seems that the expected values are specified in 3 different places,
first under the packet layout, then under the LDAP and Mailslot descriptions.
Either way, they all seem to contain the same flawed 'plausible, but not
correct' information.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
<http://samba.org/~abartlet/>
Authentication Developer, Samba Team <http://samba.org>
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
