Andrew, I wanted to ensure I understand your question so please validate the following:
The MS-ADTS document, section 3.1.1.4.4 Extended Access checks is missing information that describes the format of the attributes listed in the table. Your question relates to syncing these attributes via Directory Replication as described in MS-DRSR. The table indicates "Access is never granted." What is the format of these attributes when synced via DRS? Is this a correct interpretation of your question? Richard Guthrie Open Protocols Support Team Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7794 E-mail: [EMAIL PROTECTED] -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 6:14 PM To: Richard Guthrie Cc: Interoperability Documentation Help; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [cifs-protocol] format of password attributes in AD On Mon, 2008-06-09 at 11:36 -0700, Richard Guthrie wrote: > Andrew, > > I have been tasked with working on this issue and will be sending you > another mail shortly with a summary of the questions I think you are > asking. Is this issue a blocking issue for you or are you able to > work around it? It is blocking us deploying an KDC supporting AES, as we want to ensure we can import AES keys from windows. (We don't maintain a seperate 'native' format for these keys, we just use the supplementaryCredentials). I'm trying to determine it by examining attribute examples over DRS, but I need to beat up Win2008 some more before I get DRS working to it :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
