how does the domain logon works?

Hernan Ochoa soporte at sentinel.com.ar
Sun Feb 21 16:09:56 GMT 1999


Hi.

I have a few questions you may be able to answer; maybe you can help me. Thanks in advance:


1. Where can I find information about the LSA API (documentation for all the functions) and for the
SAM API? (lsasrv.dll, samlib.dll, samsrv.dll).

2. I want to change a user's LM and MD4 password hashes directly in the SAM. I took the pwdump Samba password dumper and modified it so that when it finds a user called 'test' it changes the buffer where the "V" registry value is stored with a new LM and MD4 hash. Everything is encrypted correctly; my only problem is that I can't write the modified "V" value back to the registry for that user. Why is that? I went to regedt32 and added FULL CONTROL for Administrators to HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users and to every key whose name is the user's RID. I also modified the RegOpenKeyEx function call to ask for KEY_SET_VALUE access, but when I try the program, RegOpenKeyEx refuses to open the key, saying "Access is denied". Why is that? I can successfully go to the registry and change the "V" value by hand.
Is there another way to change the MD4 and LM hash of a user directly? I saw SamRSetUserInformation and LsaSetSecret functions in samsv.dll and advapi32.dll, but I can't find any documentation for them; that's the reason for my first question.

3. Where can I get NetMonitor? Is it in the SDK? In the Resource Kit?

4. After a user is successfully logged on to an NT PDC, is there a permanent connection between the workstation the user logged on from and the NT PDC?

5. Each machine in a domain owns a SID, right? Is that SID given by the NT PDC? I read some MSDN documentation and it says that for a user to log on, three steps are accomplished:

        1. discovery of a PDC to validate the user
        2. creation of a secure channel
        3. pass-through authentication

1 is OK. Now in 2, what does it mean? When a user on a certain workstation wants to log on to an NT PDC, the workstation MUST be a domain member, right? If it isn't, NETLOGON will refuse the connection, right?
So, the workstation is a member of a DOMAIN. Now the workstation sends to NETLOGON a username of MACHINE$ and a password of MACHINE$ to create the secure channel? Is that right? Is the password always MACHINE$? Can't you change it? Is the only thing authenticated this username/password, and not the workstation SID?

Sorry for the amount of questions. I'm reading a lot, but I think I have to read a lot more :). I want to completely understand how domain logon is accomplished. What can I read? I want to know all the low-level details; encryption.txt from the Samba docs directory says something about it, but I want more.
Can you help me? At least guide me to what I should read?

Thank you so much, and sorry again for bothering you.