Andrew, I have completed my research with respect to which object classes are able to make an authenticated call to a SNTP server. In a windows environment this includes objects in active directory with an object class equal to computer or user. Objects of type user show up in the scenario in which you are making a call to a time server in another domain or another forest where there exist a trust relationship between either the two domains or the two forest. In this case the trust account will be used.
Let us know if you have any further questions. Richard Guthrie Open Protocols Support Team Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM 7100 N Hwy 161, Irving, TX - 75039 "Las Colinas - LC2" Tel: +1 469 775 7794 E-mail: [EMAIL PROTECTED] We're hiring http://members.microsoft.com/careers/search/details.aspx?JobID=A976CE32-B0B9-41E3-AF57-05A82B88383E&start=1&interval=10&SortCol=DatePosted -----Original Message----- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2008 6:04 PM To: Richard Guthrie Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: 600146 RE: How are disabled accounts handled in SNTP On Mon, 2008-06-23 at 08:48 -0700, Richard Guthrie wrote: > Andrew, > > I have completed my research with regard to question 4. The > authenticated SNTP request uses RID's of trusted accounts. There is > nothing in the protocol to exclude non-computer objects, or using > RID's of accounts which are disabled or not able to log in. so, this is objects with objectClass=? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
