SAMLOGON UDP request
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri Dec 11 17:53:41 GMT 1998
provided (thanks!) by andrej, here is an example SAMLOGON request which
contains a domain SID and a workstation trust account name. to answer
these correctly, we will need getsmbpwnam() calls in nmbd, methinks.
************************************************************************************************************************************************************
Frame Time Src MAC Addr Dst MAC Addr Protocol Description Src Other Addr Dst Other Addr Type Other Addr
66 91.537 AO13 ITS_APP NETLOGON SAM LOGON request from client AO13 ITS_APP IP
NETLOGON: SAM LOGON request from client
NETLOGON: Opcode = SAM LOGON request from client
NETLOGON: Request Count = 0 (0x0)
NETLOGON: Unicode Computer Name = AO13
NETLOGON: Unicode User Name = AO13$
NETLOGON: Mailslot Name = \MAILSLOT\NET\GETDC874
NETLOGON: Allowable Account Control Bits Summary = 128 (0x80)
NETLOGON: ...............................0 = User Account Enabled
NETLOGON: ..............................0. = User Home Directory Not Required
NETLOGON: .............................0.. = User Password Required
NETLOGON: ............................0... = Not a Temp Duplicate User Account
NETLOGON: ...........................0.... = Not a Normal User Account
NETLOGON: ..........................0..... = Not a MNS Logon User Account
NETLOGON: .........................0...... = Not an Interdomain Trust User Account
NETLOGON: ........................1....... = Workstation Trust User Account
NETLOGON: .......................0........ = Not a Server Trust User Account
NETLOGON: ......................0......... = User Password Will Expire
NETLOGON: .....................0.......... = User Account Not Auto Locked
NETLOGON: Domain SID Size = 24 (0x18)
NETLOGON: Domain SID = 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 D3 31 DF 1A 65 0D...
NETLOGON: NT Version = 1 (0x1)
NETLOGON: LMNT Token = WindowsNT Networking
NETLOGON: LM20 Token = OS/2 LAN Manager 2.0 (or later) Networking
00000: 00 A0 C9 A3 5A 9F 00 60 08 7E EB 15 08 00 45 00 ....Z..`.~....E.
00010: 01 26 04 00 00 00 80 11 78 01 95 CA C9 21 95 CA .&......x....!..
00020: C9 0F 00 8A 00 8A 01 12 00 CD 11 1A 80 04 95 CA ................
00030: C9 21 00 8A 00 FC 00 00 20 45 42 45 50 44 42 44 .!...... EBEPDBD
00040: 44 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 DCACACACACACACAC
00050: 41 43 41 43 41 43 41 41 41 00 20 45 4A 46 45 46 ACACACAAA. EJFEF
00060: 44 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 DCACACACACACACAC
00070: 41 43 41 43 41 43 41 43 41 42 4D 00 FF 53 4D 42 ACACACACABM..SMB
00080: 25 00 00 00 00 18 03 00 00 00 00 00 00 00 00 00 %...............
00090: 00 00 00 00 00 00 FE CA 00 00 00 00 11 00 00 5C ...............\
000A0: 00 02 00 00 00 00 00 02 00 FF FF FF FF 00 00 00 ................
000B0: 00 5C 00 5C 00 5C 00 03 00 01 00 00 00 02 00 73 .\.\.\.........s
000C0: 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 54 5C 4E .\MAILSLOT\NET\N
000D0: 54 4C 4F 47 4F 4E 00 00 12 00 00 00 41 00 4F 00 TLOGON......A.O.
000E0: 31 00 33 00 00 00 41 00 4F 00 31 00 33 00 24 00 1.3...A.O.1.3.$.
000F0: 00 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 54 5C ..\MAILSLOT\NET\
00100: 47 45 54 44 43 38 37 34 00 80 00 00 00 18 00 00 GETDC874........
00110: 00 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 ................
00120: D3 31 DF 1A 65 0D 6F 63 83 4E 80 7E 01 00 00 00 .1..e.oc.N.~....
00130: FF FF FF FF ....
************************************************************************************************************************************************************
Frame Time Src MAC Addr Dst MAC Addr Protocol Description Src Other Addr Dst Other Addr Type Other Addr
67 91.538 ITS_APP AO13 NETLOGON SAM Response to SAM LOGON request ITS_APP AO13 IP
NETLOGON: SAM Response to SAM LOGON request
NETLOGON: Opcode = SAM Response to SAM LOGON request
NETLOGON: Unicode Logon Server = \\ITS_APP
NETLOGON: Unicode User Name = AO13$
NETLOGON: Unicode Domain Name = ITS
NETLOGON: NT Version = 1 (0x1)
NETLOGON: LMNT Token = WindowsNT Networking
NETLOGON: LM20 Token = OS/2 LAN Manager 2.0 (or later) Networking
00000: 00 60 08 7E EB 15 00 A0 C9 A3 5A 9F 08 00 45 00 .`.~......Z...E.
00010: 00 FC CD 0C 00 00 80 11 AF 1E 95 CA C9 0F 95 CA ................
00020: C9 21 00 8A 00 8A 00 E8 F3 76 10 1A 86 28 95 CA .!.......v...(..
00030: C9 0F 00 8A 00 D2 00 00 20 45 4A 46 45 46 44 46 ........ EJFEFDF
00040: 50 45 42 46 41 46 41 43 41 43 41 43 41 43 41 43 PEBFAFACACACACAC
00050: 41 43 41 43 41 43 41 41 41 00 20 45 42 45 50 44 ACACACAAA. EBEPD
00060: 42 44 44 43 41 43 41 43 41 43 41 43 41 43 41 43 BDDCACACACACACAC
00070: 41 43 41 43 41 43 41 43 41 41 41 00 FF 53 4D 42 ACACACACAAA..SMB
00080: 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %...............
00090: 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 32 ...............2
000A0: 00 00 00 00 00 00 00 00 00 E8 03 00 00 00 00 00 ................
000B0: 00 00 00 32 00 5C 00 03 00 01 00 01 00 02 00 49 ...2.\.........I
000C0: 00 5C 4D 41 49 4C 53 4C 4F 54 5C 4E 45 54 5C 47 .\MAILSLOT\NET\G
000D0: 45 54 44 43 38 37 34 00 13 00 5C 00 5C 00 49 00 ETDC874...\.\.I.
000E0: 54 00 53 00 5F 00 41 00 50 00 50 00 00 00 41 00 T.S._.A.P.P...A.
000F0: 4F 00 31 00 33 00 24 00 00 00 49 00 54 00 53 00 O.1.3.$...I.T.S.
00100: 00 00 01 00 00 00 FF FF FF FF ..........
More information about the samba-technical
mailing list