[cifs-protocol] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
Jo Sutton
jsutton at samba.org
Tue Jul 2 02:01:45 UTC 2024
On second thoughts, I’d rather not send traces via unencrypted email.
Can you provide somewhere for me to upload them?
Cheers,
Jo (she/her)
On 2/07/24 1:57 pm, Jo Sutton via cifs-protocol wrote:
> [moving back to cifs-protocol]
>
> Hi Sreekanth,
>
> Call me Jo :)
>
> As I can’t seem to upload the traces via the link you sent me, I’ll try
> to email them to you directly.
>
> The reason for asking about NETLOGON_TICKET_LOGON_INFO is that we’re
> looking to address https://bugzilla.samba.org/show_bug.cgi?id=15249.
>
> Cheers,
> Jo (she/her)
>
> On 14/06/24 3:39 am, Sreekanth Nadendla wrote:
>> Hello Joseph, I've sent you instructions to download time travel trace
>> tool to collect traces for lass process earlier. But we were informed
>> by Andrew Bartlet that the reason why you've raised the login issue
>> with [MS-APDS] NETLOGON_TICKET_LOGON_INFO is that you are looking to
>> resolve a privilege escalation problem via enforcement of PAC
>> verification. I could not see how these two issues are connected
>> hence I'm unable to continue the investigation on my own (while you
>> are away dealing with a personal issue).
>> Please let us know whenever you are ready and we will gather the
>> details, data to investigate the issue you are experiencing.
>>
>> Regards,
>>
>> Sreekanth Nadendla
>>
>> Microsoft Windows Open Specifications
>>
>>
>>
>>
>>
>>
>> From: Jo Sutton <jsutton at samba.org>
>>
>> Sent: Monday, May 20, 2024 9:49 PM
>> To: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>;
>> Interoperability Documentation Help <dochelp at microsoft.com>
>> Subject: [EXTERNAL] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message
>> [Some people who received this message don't often get email from
>> jsutton at samba.org. Learn why this is important at
>> https://aka.ms/LearnAboutSenderIdentification ]
>>
>> Hi dochelp,
>>
>> I’m trying to follow [MS-APDS] 2.2.2.1, “NETLOGON_TICKET_LOGON_INFO
>> Message”, in order to create a NETLOGON_TICKET_LOGON_INFO message that
>> will be accepted by Windows Server 2019. However, in my attempts so far,
>> all I’ve got is STATUS_INVALID_PARAMETER codes from NetrLogonSamLogonEx.
>>
>> Although [MS-APDS] doesn’t mention it, I assume
>> NETLOGON_TICKET_LOGON_INFO should contain an unsigned 32‐bit MessageType
>> field, set to 0x00000026, that indicates the message is a
>> NETLOGON_TICKET_LOGON_INFO message. Other than that, I’m not sure what
>> I’m doing wrong. Are the ticket fields arrays, are depicted in the
>> diagram, or pointers, as claimed in the documentation?
>>
>> I can provide traces showing the problem if you would like.
>>
>> Cheers,
>> Jo (she/her)
>
>
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
More information about the cifs-protocol
mailing list