RPC clients for this protocol MUST use RPC over SMB for the LsarOpenPolicy2, LsarOpenPolicy, LsarClose, LsarGetUserName, LsarLookupNames, LsarLookupNames2, LsarLookupNames3, LsarLookupSids, and LsarLookupSids2 methods. RPC clients MUST use RPC over TCP/IP for the LsarLookupNames4 and LsarLookupSids3 methods.
If the client uses an unsupported RPC protocol sequence, then the RPC server implementations in Windows 2000, Windows XP and Windows Server 2003 return RPC_S_PROTSEQ_NOT_SUPPORTED. Windows Vista and Windows Server 2008 throw an RPC exception with status code ERROR_ACCESS_DENIED.
This needs to be handled correctly for security reasons in the LSA server.
I'm working on this and have already made a lot of progress, but more is broken than expected.
https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/s3-lsa
The patchset is getting bigger and bigger.
I got the lsarpc server implementation correct on s3fs and s4. However, the rpc servers don't handle dcerpc faults correctly. I need to fix that and then we're fine.
Patchset pushed upstream. I've opened ticket #2902 for the dcerpc fault handling.
Metadata Update from @asn:
- Issue assigned to asn
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2012/06