> What I was getting at about the full name is that if this was a odd character > encoding issue, knowing that this was a user with non-ascii full name would > be an important data point.
Yes, I see what you mean. No, neither the full username, nor the login name, contain anything other than Good 'Ole ASCII. > See, the PAC is much more than just SIDs, it is a lot of different bits of > information that a user needs to log in to a desktop, or (less so) to operate > against a file server. I can see I'm going to have to look into the contents of the PAC in a bit more detail. Although I have some familiarity with Kerberos, I've not had to dig into a PAC before; so far as I was aware it was mainly supplemental group membership, and similar information - obviously there's more in there than I was aware of. Still, a day where something is learned is never a day wasted - it will be interesting to have a dig! > The key password in this case isn't the user's password (it isn't involved), > but the machine account password of the server. Sorry, yes - I meant that I had no problem sending you any data which might be contained in any WireShark capture; as you pointed out, any password can easily be changed (including the Samba machine account password on the AD server). Apologies for not being clearer. > Andrew Bartlett Once again, many thanks - I'll update you when I have anything useful. Tris Mabbs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
