Old Topic: Re: NT Security Alert: (was Re: NTDOM: SamLogon validation...)

Paul Ashton paul at argo.demon.co.uk
Tue Apr 28 12:46:56 GMT 1998


> Just a clarification for myself. It seems to me that the challenge can't
> be replayed, because it must be the challenge that was sent during the
> "server to PDC" SMB negotiate portion of the pass-through authentication
> (steps 4-6 below)? Since this challenge is originated from the PDC (step
> 5), the server should not be able to just send it a
> challenge/challenge-response pair for validation. Is this not correct?
> Any clarification is appreciated.

Your conclusion would seem to be correct in the context of the
information you quoted. My observation was based purely on
viewing the NetLogonSamLogon type=Network RPC between a file server
and a PDC. If this has to be related to a previously sent challenge
from the PDC then you may be correct. It was discussed on ntbugtraq
and Paul Leach did not say that it would not work. I've never tried
it though. Luke?

I don't see why the challenge would be in the RPC and not just the
challenge response if that were the case.

Paul
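
A generic model of the question in this thread, added here as an illustration and not taken from the post, from Samba, or from the NetLogon RPC itself: whether a recorded challenge/response pair can be presented again depends on whether the validating side checks the challenge against one it issued. The `Validator` class, the HMAC-SHA256 response function (a stand-in, not the NT/LM algorithm) and the account data are all assumptions.

```python
import hashlib
import hmac
import os


def response(secret, challenge):
    # Stand-in response function (assumption: HMAC-SHA256, not NT/LM).
    # Only the binding between challenge and response matters here.
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Validator:
    """Hypothetical validating party that holds the account secrets."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.outstanding = set()  # challenges issued and not yet consumed

    def issue_challenge(self):
        challenge = os.urandom(8)
        self.outstanding.add(challenge)
        return challenge

    def validate_caller_supplied(self, user, challenge, resp):
        # Trusts whatever challenge arrives alongside the response.
        secret = self.secrets.get(user)
        if secret is None:
            return False
        return hmac.compare_digest(response(secret, challenge), resp)

    def validate_bound(self, user, challenge, resp):
        # Accepts only a challenge this validator issued, and only once.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        return self.validate_caller_supplied(user, challenge, resp)


def demo():
    v = Validator({"alice": b"constructed-secret"})  # constructed sample data
    c = v.issue_challenge()
    r = response(v.secrets["alice"], c)  # what the legitimate client computes
    return {
        "bound_first_use": v.validate_bound("alice", c, r),
        "bound_second_use": v.validate_bound("alice", c, r),
        "caller_supplied_second_use": v.validate_caller_supplied("alice", c, r),
    }


if __name__ == "__main__":
    print(demo())
```
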


