Andrew, We appreciate your feedback. We have re-considered this section of the document and will be updating the MS-ADTS document section 7.3.3.2 as follows:
Original Text If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is configured is outside the state model and is implementation-dependent), and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the response of the dc is documented in "Response to Invalid Filter" (section 7.3.3.3). Updated Text If the server is configured to respond to ping requests in the form of a NETLOGON_SAM_LOGON_RESPONSE_NT40 structure, and v does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set (for an informative example of how and why this is configured in the Windows implementation, see [KB298713]), the server uses the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure to send the response back. An informative reference will also be added to the documentation under 1.2.2 Informative References, and will read [KB298713] Microsoft Corporation, "How to prevent overloading on the first domain controller during domain upgrade", http://support.microsoft.com/kb/298713 Let us know if you have any further questions? Richard Guthrie Open Protocols Support Team Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7794 E-mail: [EMAIL PROTECTED] We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2008 1:28 AM To: Richard Guthrie Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: 602144 RE: CDAP netlogon and 'implementation defined' behaviour On Tue, 2008-07-08 at 13:59 -0700, Richard Guthrie wrote: > Andrew, > > As per our previous conversation regarding NETLOGON_SAM_LOGON_RESPONSE_NT40, > I wanted to send you a proposed update to the documentation to see if this > resolves the issue. The current MS-ADTS documentation for section 7.3.3.2 > Domain Controller Response to an LDAP Ping reads as follows: > > If the server is configured to respond to ping requests in the form of a > NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is > configured is outside the state model and is implementation-dependent), and v > does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the response of > the dc is documented in "Response to Invalid Filter" (section 7.3.3.3). > > The proposed update to this text is as follows: > > If the server is configured to respond to ping requests in the form of a > NETLOGON_SAM_LOGON_RESPONSE_NT40 structure (the way in which the server is > configured is outside the state model and is implementation-dependent), and v > does not have the NETLOGON_NT_VERSION_AVOID_NT4EMUL bit set, the server uses > the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure to send the response back. > > The intended changes highlights that if the server is configured to respond > to ping request using the NETLOGON_SAM_LOGON_RESPONSE_NT40 structure, then > that is what the client will receive. It also intends to leave open how this > is implemented so that you the implementer can decide how this gets > enabled/disabled. Please let us know if this resolves your issue and we will > update the documentation accordingly. We seem to be going in circles, perhaps because MS-ADTS does not have a 'windows behaviour' section. Why is it so hard to list the reasons (for the 'implementation dependent behaviour' we discussed on the phone? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
