[cifs-protocol] What happened to SamLogon validation level 4?

Sebastian Canevari Sebastian.Canevari at microsoft.com
Wed Sep 10 22:39:53 GMT 2008 

Hi Andrew,

I'd like to provide you with both a confirmation on your finding and an answer to your question:


1)      Level #4 corresponds to NetlogonValidationGenericInfo  and  IS defined in the _NETLOGON_VALIDATION_INFO_CLASS. In fact, it has the same behavior as
NetlogonValidationGenericInfo2 = 5.

We'll update our documentation accordingly in future releases.




2)      With regards to the question about the restrictions in the validationlevel for the different logonlevels:



These logonlevels:

    NetlogonInteractiveInformation:
    NetlogonInteractiveTransitiveInformation:
    NetlogonNetworkInformation:
    NetlogonNetworkTransitiveInformation:
    NetlogonServiceInformation:
    NetlogonServiceTransitiveInformation:

Accept these ValidationLevels

    NetlogonValidationSamInfo:
    NetlogonValidationSamInfo2:
    NetlogonValidationSamInfo4:



AND NetlogonGenericInformation accepts:

     NetlogonValidationGenericInfo:
     NetlogonValidationGenericInfo2:






Please let me know if I can be of further assistance.

Thanks and regards,


Sebastian Canevari
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
"Las Colinas - LC2"
Tel: +1 469 775 7849
e-mail: sebastc at microsoft.com

We're hiring


-----Original Message-----
From: cifs-protocol-bounces+sebastc=microsoft.com at cifs.org [mailto:cifs-protocol-bounces+sebastc=microsoft.com at cifs.org] On Behalf Of Andrew Bartlett
Sent: Wednesday, August 27, 2008 6:10 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: [cifs-protocol] What happened to SamLogon validation level 4?

In MS-NRPC 2.2.1.4.17 NETLOGON_VALIDATION_INFO_CLASS it states:

   The NETLOGON_VALIDATION_INFO_CLASS enumeration selects the type of logon information
  block being used.
    typedef enum _NETLOGON_VALIDATION_INFO_CLASS
    {
       NetlogonValidationUasInfo = 1,
       NetlogonValidationSamInfo = 2,
       NetlogonValidationSamInfo2 = 3,
       NetlogonValidationGenericInfo2 = 5,
       NetlogonValidationSamInfo4 = 6
    } NETLOGON_VALIDATION_INFO_CLASS;

However, level 4 is missing.  It appears however in the wireshark dissector (and therefore in our IDL).  What is the history here?

Also, what restrictions are there on choice of validation level for the different logon levels available into a SamLogon* call?

Thanks,

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list