[cifs-protocol] RE: Other types of Kerberos messages on SamLogon
Generic
Hongwei Sun
hongweis at microsoft.com
Mon Sep 8 00:01:02 GMT 2008
Andrew,
I went through the logic of the generic pass through function in Kerberos package for both Windows server 2003 and 2008. I found that it only processes KerbVerifyPacMessage (0x03). For any other message types, STATUS_ACCESS_DENIED should be returned.
Could you give me more information about your testing ? Which version of Windows server did you use ? Did you just use a KERB_VERIFY_PAC_REQUEST structure as LogonInformation passed to NetrLogonSamLogon() and set MessageType from 0x00 to 0xFF ? If you can send us a network trace to show that NT_STATUS_OK is returned for any message type other than 0x03, it would be really helpful.
Thanks
----------------------------------------------------------
Hongwei Sun - Sr. Support Escalation Engineer
DSC Protocol Team, Microsoft
hongweis at microsoft.com
Tel: 469-7757027 x 57027
-----------------------------------------------------------
________________________________________
From: Andrew Bartlett [abartlet at samba.org]
Sent: Tuesday, September 02, 2008 11:06 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Other types of Kerberos messages on SamLogon Generic
MS-APDS 2.2.2.1 describes only one Generic message type (0x3) for the
Package "Kerberos". However, Microsoft servers still return
NT_STATUS_OK on a message type in the range 0x0..0xff (for example).
What other message types are valid on this Package, and what are their
formats?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol
mailing list