[cifs-protocol] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
Jo Sutton
jsutton at samba.org
Tue Jul 2 01:57:23 UTC 2024
[moving back to cifs-protocol]

Hi Sreekanth,

Call me Jo :)

As I can’t seem to upload the traces via the link you sent me, I’ll try
to email them to you directly.

The reason for asking about NETLOGON_TICKET_LOGON_INFO is that we’re
looking to address https://bugzilla.samba.org/show_bug.cgi?id=15249.

Cheers,
Jo (she/her)

On 14/06/24 3:39 am, Sreekanth Nadendla wrote:
> Hello Joseph, I've sent you instructions to download time travel trace
> tool to collect traces for lsass process earlier. But we were informed by
> Andrew Bartlett that the reason why you've raised the login issue with
> [MS-APDS] NETLOGON_TICKET_LOGON_INFO is that you are looking to resolve
> a privilege escalation problem via enforcement of PAC verification. I
> could not see how these two issues are connected hence I'm unable to
> continue the investigation on my own (while you are away dealing with a
> personal issue).
> Please let us know whenever you are ready and we will gather the
> details, data to investigate the issue you are experiencing.
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
> From: Jo Sutton <jsutton at samba.org>
>
> Sent: Monday, May 20, 2024 9:49 PM
> To: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>;
> Interoperability Documentation Help <dochelp at microsoft.com>
> Subject: [EXTERNAL] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message
>
> Hi dochelp,
>
> I’m trying to follow [MS-APDS] 2.2.2.1, “NETLOGON_TICKET_LOGON_INFO
> Message”, in order to create a NETLOGON_TICKET_LOGON_INFO message that
> will be accepted by Windows Server 2019. However, in my attempts so far,
> all I’ve got is STATUS_INVALID_PARAMETER codes from NetrLogonSamLogonEx.
>
> Although [MS-APDS] doesn’t mention it, I assume
> NETLOGON_TICKET_LOGON_INFO should contain an unsigned 32‐bit MessageType
> field, set to 0x00000026, that indicates the message is a
> NETLOGON_TICKET_LOGON_INFO message. Other than that, I’m not sure what
> I’m doing wrong. Are the ticket fields arrays, as depicted in the
> diagram, or pointers, as claimed in the documentation?
>
> I can provide traces showing the problem if you would like.
>
> Cheers,
> Jo (she/her)