Netlogon Service

Brian Keats bkeats at spiff.chin.gc.ca
Tue Mar 7 15:44:32 GMT 2000


Thanks Phil,
	That was what I needed to know.  I'm currently using 2.05a, maybe I'll
try a newer version to see if it works then.  I am currently using the latest
Slackware distribution, but without the source code, which maybe I could make
some modifications somewhere to see if it does indeed attempt to make use of
this information.  Unless some knowledgeable reader knows if a specific Samba
version will pass along the logon script to a client or knows which part of the
code would be responsible for doing or checking this. (It would save me a lot of
time !!!!)

Greg,
	If you're still interested, I can send you the previous postings I've
made or you could probably find them in the list archives.


Regards


P.S.	Thanks for your replies so far guys, they have been very helpful ....


On Mon, 06 Mar 2000, Phil Mayers wrote:
> Ah, not yet answered:
> 
> Yes it does (NT) pass along the login script. Samba may not do that yet
> (which change are you using again?) or it may, and your "non standard"
> (ahem :o) usage may be causing problems. Hmm...
> 
> If you're using TNG, you could do a ./configure.developer, recompile
> with debugging enabled, and do a trace on what happens. But yes, that's
> the way it's supposed to work.
> 
> Cheers,
> Phil
> 
> Brian Keats wrote:
> > 
> > If anyone has been following my postings, I've been curious if an NT domain
> > controller passes along the name and path of a "logon script".  The below
> > article was taken from the microsoft.com site.   Does anyone know if SAMBA uses
> > this information or can it be made to use this information if it is acting as a
> > domain member with
> > security = domain
> > domain logons = yes
> > password server = [nt PDC]
> > 
> > WinNT Client Logon in Resource and Master Domain
> >                                 Environment
> > 
> > 
> >                         The information in this article applies to:
> > 
> >                             Microsoft Windows NT Workstation versions 3.5, 3.51,
> >                             4.0
> >                             Microsoft Windows NT Server versions 3.5, 3.51, 4.0
> > 
> > 
> > 
> > 
> >                         SUMMARY
> >                         When a computer running Windows NT Workstation or Server
> >                         that is a member of a domain starts, it tries to
> >                         establish a secure channel to a domain controller in its
> >                         domain to validate its machine account. This occurs
> >                         before the user is presented with the CTRL+ALT+DEL logon
> >                         screen. If the domain that the Windows NT client is a
> >                         member of trusts another domain, a user can log on to
> >                         that trusted domain at the console.
> > 
> >                         If the user logs on to this trusted domain, the user's
> >                         credentials are passed from the Windows NT client to a
> >                         domain controller in its domain that it established a
> >                         secure channel with at startup time. This resource
> >                         domain controller then does pass-through authentication
> >                         to a domain controller in the accounts or master domain
> >                         that it established a secure channel with at startup
> >                         time. If the user has a logon script, or if the client
> >                         is Windows NT version 4.0 that implements Policies, the
> >                         domain controller in the accounts domain that validated
> >                         the user credentials through pass-through
> >                         authentication, will also be used to service the log on
> >                         script or Policies request.
> > 
> > 
> >                         MORE INFORMATION
> >                         The following Network Monitor frames summarize the
> >                         critical communication between a computer running
> >                         Windows NT Workstation and a domain controller in its
> >                         domain, where its machine account resides:
> > 
> >    NAME QUERY FOR MEMBER WORKSTATION'S DOMAIN NAME:
> >    NBT: NS: Query req. for RANDYMCD       <1C>
> > 
> >    MEMBER WORKSTATION INITIATING SECURE CHANNEL WITH ITS DOMAIN CONTROLLER.
> >    BROADCASTS FIRST, THEN TRIES LIST RETURNED BY WINS:
> >    NETLOGON: SAM LOGON request from client
> > 
> >    MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER:
> >    SMB: C session setup & X, Username = , and C tree connect & X,
> >    Share = \\RANDYMC1\IPC$
> > 
> >    MEMBER WORKSTATION REQUESTING LIST OF TRUSTED DOMAINS:
> >    R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..)
> > 
> >    MEMBER WORKSTATION AUTHENTICATING ITS MACHINE ACCOUNT:
> >    SMB: C NT create & X, File = \NETLOGON
> >    R_LOGON: RPC Client call logon:NetrServerReqChallenge(..)
> >    R_LOGON: RPC Client call logon:NetrServerAuthenticate2(..)
> > 
> >                         The following Network Monitor frames summarize the
> >                         critical communication among the computer running
> >                         Windows NT Workstation or Server in a resource domain, a
> >                         domain controller in a resource domain, and a domain
> >                         controller in an accounts domain.
> > 
> >    MEMBER WORKSTATION NAME QUERY FOR ITS DOMAIN CONTROLLER:
> >    NBT: NS: Query req. for RANDYMC1
> > 
> >    MEMBER WORKSTATION ESTABLISHING SESSION WITH ITS DOMAIN CONTROLLER:
> >    NBT: SS: Session Request, Dest:RANDYMC1, Source: RANDYMC3<00>, Len: 68
> >    SMB: C session setup & X, Username = , and C tree connect & X,
> >    Share = \\RANDYMC1\IPC$
> > 
> >    NOTE:  WINDOWS NT 4.0 UPDATES THE TRUSTED DOMAIN LIST CACHE EVERY 2
> >    MINUTES BY DEFAULT:
> >    R_LSARPC: RPC Client call lsarpc:LsarEnumerateTrustedDomains(..)
> > 
> >    MEMBER WORKSTATION PASSING ITS MACHINE NAME, USERNAME, AND TRUSTED
> >    DOMAIN NAME TO ITS RESOURCE DOMAIN CONTROLLER:
> >    SMB: C NT create & X, File = \NETLOGON
> >    R_LOGON: RPC Client call logon:NetrLogonSamLogon(..)
> >    00160:  0000000000000900 0000420050005300   ..........B.P.S.
> >    00170:  490047004E004F00 4600460074000600   I.G.N.O.F.F.t...
> >    00180:  0000000000000600 0000450053005300   ..........E.S.S.
> >    00190:  44004F004D000900 0000000000000800   D.O.M...........
> >    001A0:  0000520041004E00 440059004D004300   ..R.A.N.D.Y.M.C.
> >    001B0:  33000300                            3...
> > 
> >    RESOURCE DOMAIN CONTROLLER PASSING CLIENTS CREDENTIALS TO TRUSTED
> >    ACCOUNTS DOMAIN CONTROLLER:
> >    MSRPC: c/o RPC Request:  call 0x4  opnum 0x2  context 0x0  hint 0x10A
> >    00160:  0000090000004200 5000530049004700   ......B.P.S.I.G.
> >    00170:  4E004F0046004600 0000060000000000   N.O.F.F.........
> >    00180:  0000060000004500 5300530044004F00   ......E.S.S.D.O.
> >    00190:  4D00090000000000 0000080000005200   M.............R.
> >    001A0:  41004E0044005900 4D00430033000300   A.N.D.Y.M.C.3...
> > 
> >    ACCOUNTS DOMAIN CONTROLLER PASSING AUTHENTICATION TO RESOURCE DOMAIN
> >    CONTROLLER ALONG WITH LOGON SCRIPT NAME:
> >    MSRPC: c/o RPC Response: call 0x4 context 0x0  hint 0x198  cancels 0x0
> >    00170:  0000000000000600 0000450053005300   ..........E.S.S.
> >    00180:  44004F004D000B00 0000000000000A00   D.O.M...........
> >    00190:  0000650073007300 64006F006D002E00   ..e.s.s.d.o.m...
> >    001A0:  6200610074000300 0000010200000700   b.a.t...........
> >    001B0:  0000000200000700 0000180400000700   ................
> >    001C0:  0000080000000000 0000070000004500   ..............E.
> >    001D0:  5300530044004F00 4D0031006F000A00   S.S.D.O.M.1.o...
> >    001E0:  0000000000000900 0000420050005300   ..........B.P.S.
> >    001F0:  490047004E004F00 4600460070000400   I.G.N.O.F.F.p...
> > 
> >    RESOURCE DOMAIN CONTROLLER PASSING POSITIVE AUTHENTICATION RESPONSE TO
> >    MEMBER WORKSTATION ALONG WITH ACCOUNTS DOMAIN CONTROLLER COMPUTER NAME
> >    THAT DID THE AUTHENTICATION:
> >    R_LOGON: RPC Server response logon:NetrLogonSamLogon(..)
> >    00170:  0000000000000600 0000450053005300   ..........E.S.S.
> >    00180:  44004F004D000B00 0000000000000A00   D.O.M...........
> >    00190:  0000650073007300 64006F006D002E00   ..e.s.s.d.o.m...
> >    001A0:  6200610074000300 0000010200000700   b.a.t...........
> >    001B0:  0000000200000700 0000180400000700   ................
> >    001C0:  0000080000000000 0000070000004500   ..............E.
> >    001D0:  5300530044004F00 4D00310000000A00   S.S.D.O.M.1.....
> >    001E0:  0000000000000900 0000420050005300   ..........B.P.S.
> >    001F0:  490047004E004F00 4600460000000400   I.G.N.O.F.F.....
> > 
> >    MEMBER WORKSTATION NAME QUERY FOR ACCOUNTS DOMAIN CONTROLLER COMPUTER
> >    NAME:
> >    NBT: NS: Query req. for ESSDOM1
> > 
> >    MEMBER SERVER ESTABLISHING SESSION WITH ACCOUNTS DOMAIN CONTROLLER:
> >    SMB: C session setup & X, Username = ESSDOM, and C tree connect & X,
> >    Share = \\ESSDOM1\NETLOGON
> > 
> >    MEMBER WORKSTATION VERSION 4.0 CHECKING FOR A POLICY:
> >    SMB: C NT create & X, File = \ntconfig.pol
> > 
> >    MEMBER WORKSTATION CHECKING FOR ITS LOGON SCRIPT:
> >    SMB: C transact2 Query path info, File = \essdom.bat
> > 
> >                         For additional information on Secure Channels, Windows
> >                         NT Trusts, and Pass-Through Authentication, please see
> >                         the following article in the Microsoft Knowledge Base:
> >                             ARTICLE-ID: Q158148
> >                             TITLE : Domain Secure Channel Utility -- Nltest.exe
> > 
> > 
> >                         Last Reviewed: January 21, 2000
> > 
> > 
> > 
> >                         Article ID: Q165202
> >                         Last Reviewed:
> >                         January 21, 2000
> >                         Provided by Microsoft Product Support Services.
> > 
> > 
> >
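
Added example, not part of the original posts or of the quoted Microsoft article: a small Python decoder for the last frame quoted above, showing where the logon script name and the accounts domain controller name sit in the NetrLogonSamLogon response. Reading the three little-endian 32-bit values before each name as an NDR string header (max count, offset, actual count) is this example's interpretation of the bytes, and the function names are hypothetical.

```python
import re
import struct

# Final NetrLogonSamLogon response bytes, copied from the post (ASCII column dropped).
RESPONSE_DUMP = """
00170:  0000000000000600 0000450053005300
00180:  44004F004D000B00 0000000000000A00
00190:  0000650073007300 64006F006D002E00
001A0:  6200610074000300 0000010200000700
001B0:  0000000200000700 0000180400000700
001C0:  0000080000000000 0000070000004500
001D0:  5300530044004F00 4D00310000000A00
001E0:  0000000000000900 0000420050005300
001F0:  490047004E004F00 4600460000000400
"""

def parse_dump(text):
    """Turn 'OFFSET:  HEX HEX' lines into (first_offset, bytes)."""
    base, data = None, bytearray()
    for m in re.finditer(r"^\s*([0-9A-Fa-f]+):\s+((?:[0-9A-Fa-f]{8,16} ?)+)", text, re.M):
        offset = int(m.group(1), 16)
        base = offset if base is None else base
        if offset != base + len(data):
            raise ValueError(f"gap in dump at {offset:#x}")
        data += bytes.fromhex(m.group(2))
    return base, bytes(data)

def ndr_strings(base, data, max_chars=256):
    """Find strings laid out as max count, offset 0, actual count (three
    little-endian uint32), then actual*2 bytes of UTF-16LE text."""
    found, pos = [], 0
    while pos + 12 <= len(data):
        max_count, offset, actual = struct.unpack_from("<III", data, pos)
        end = pos + 12 + 2 * actual
        if offset == 0 and 1 <= actual <= max_count <= max_chars and end <= len(data):
            text = data[pos + 12:end].decode("utf-16-le", errors="replace")
            if text.isprintable() and "\ufffd" not in text:
                found.append((base + pos, text))
                pos = end
                continue
        pos += 1
    return found

def script_names(strings):
    """Heuristic (an assumption of this example): keep batch-file names."""
    return [s for _, s in strings if s.lower().endswith((".bat", ".cmd"))]

if __name__ == "__main__":
    print(ndr_strings(*parse_dump(RESPONSE_DUMP)))
```

The leading `ESSDOM` at 0x17A is not reported because its max-count field starts before the first byte shown in the dump.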

