NETLOGON Spec (fwd)
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Mon Jul 13 17:03:03 GMT 1998
---------- Forwarded message ----------
Date: Thu, 9 Jul 1998 10:28:10 -0700
From: "MacDonald, Stuart" <stuartm at NAI.COM>
Reply-To: Common Internet File System <CIFS at DISCUSS.MICROSOFT.COM>
To: CIFS at DISCUSS.MICROSOFT.COM
Subject: NETLOGON Spec
Hi Paul,
While on the subject of correcting things, the published 6/10/97 NetLogon
spec appears to be incorrect and incomplete per the NetMon 2.0 product
and observed tracefiles.
The existing NETLOGON information I found in the spec covers NETLOGON Query,
and that information appears to be incorrect.
For example,
Published doc states:
struct NETLOGON_QUERY {
    unsigned char OpCode; // 7
    char ComputerName[];
    char MailSlotName[];
    unsigned short Lm20Token;
};
I have seen the following two variants of this:
NT 3.5:
struct NETLOGON_QUERY {
    unsigned char OpCode; // 7
    unsigned char UnknownAndSetToZero;
    char AsciizComputerName[];
    char AsciizMailslotName[];
};
Based upon what we see with NT 4.0, it should be:
struct NETLOGON_QUERY {
    unsigned char OpCode; // 7
    unsigned char UnknownAndSetToZero;
    char AsciizComputerName[];
    char AsciizMailslotName[];
    wchar OemComputerName[];
    ulong NtVersion; // 1
    ushort LmntToken; // 0xFFFF...
    ushort Lm20Token; // 0xFFFF
};
Q. Is this really an error or is there some version out there which
really uses the published structure?
Q. Is the OpCode really a 16-bit value? If not, then what is the byte
following OpCode?
Q. I have seen the following mailslot name format being used by the NETLOGON
protocol: MAILSLOT\NET\GETDC[NNN], where NNN is a number, e.g. 000, 308...
What does the NNN signify?
Q. Netmon, a Microsoft Product, attempts to decode the following list of
NETLOGON functions. I have not been able to find a publicly available
spec on these functions. Is there such a spec?
NETLOGON
Command Description
-----------------------------------------------------------------
{0x0, "LM1.0/LM2.0 LOGON Request"},
{0x1, "LM1.0 Response to LOGON Request"},
{0x2, "LM1.0 Query for Centralized Initialization"},
{0x3, "LM1.0 Query for Distributed Initialization"},
{0x4, "LM1.0 Response to Centralized Query"},
{0x5, "LM1.0 Response to Distributed Query"},
{0x6, "LM2.0 Response to LOGON Request"},
{0x7, "Query for Primary DC"},
{0x8, "Announce Startup of Primary DC"},
{0x9, "Announce Failed Primary DC"},
{0x10, "LM2.0 Response when user is unknown"},
{0x11, "LM2.1 Announce account updates"},
{0x12, "SAM LOGON Request from client"},
{0x16, "SAM Response to Interrogate Request"},
{0x13, "SAM Response to SAM LOGON Request"},
{0x14, "SAM Response during NETLOGON pause"},
{0x15, "SAM Response when user is unknown"},
{0xA, "Announce Change to UAS or SAM"},
{0xB, "Announce no user on machine"},
{0xC, "Response from Primary DC"},
{0xD, "LM1.0/LM2.0 Response to Relogon Request"},
{0xE, "LM1.0/LM2.0 Response to Interrogate Request"},
{0xF, "LM2.0 Response During NETLOGON pause"}
Thanks in advance,
Stuart Macdonald
Network Associates.
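
Added example (not part of the original message and not taken from any Microsoft spec): a bounds-checked parser for the two observed NETLOGON_QUERY layouts above, useful when writing a decoder or detection for this mailslot traffic. Assumptions: little-endian integers, the wchar name is UTF-16LE ended by a 16-bit zero, fields are packed with no padding; the dictionary keys, the build_sample() helper and its values are constructed for illustration.

```python
import struct

class ParseError(ValueError):
    """Raised when a buffer does not match either observed layout."""

def _asciiz(buf, off):
    # Read a NUL-terminated ASCII string; refuse to run past the buffer.
    end = buf.find(b"\x00", off)
    if end < 0:
        raise ParseError("unterminated ASCIIZ string at offset %d" % off)
    return buf[off:end].decode("ascii", "replace"), end + 1

def _wcharz(buf, off):
    # Assumption: UTF-16LE code units terminated by a 16-bit zero.
    pos = off
    while pos + 2 <= len(buf):
        if buf[pos:pos + 2] == b"\x00\x00":
            return buf[off:pos].decode("utf-16-le", "replace"), pos + 2
        pos += 2
    raise ParseError("unterminated wide string at offset %d" % off)

def parse_netlogon_query(buf):
    if len(buf) < 2:
        raise ParseError("truncated header")
    if buf[0] != 0x07:
        raise ParseError("not a NETLOGON query (OpCode %#x)" % buf[0])
    q = {"opcode": buf[0], "unknown": buf[1]}
    q["computer"], off = _asciiz(buf, 2)
    q["mailslot"], off = _asciiz(buf, off)
    if off == len(buf):                 # nothing after the two strings
        q["variant"] = "NT 3.5"
        return q
    q["wide_computer"], off = _wcharz(buf, off)
    if len(buf) - off != 8:             # ulong + ushort + ushort expected
        raise ParseError("expected 8 trailing bytes, got %d" % (len(buf) - off))
    q["nt_version"], q["lmnt_token"], q["lm20_token"] = struct.unpack_from("<LHH", buf, off)
    q["variant"] = "NT 4.0"
    return q

def build_sample(nt40):
    # Constructed sample payload, not a captured packet.
    name = "WKSTA1"
    buf = b"\x07\x00" + name.encode("ascii") + b"\x00" + b"MAILSLOT\\NET\\GETDC308\x00"
    if nt40:
        buf += name.encode("utf-16-le") + b"\x00\x00" + struct.pack("<LHH", 1, 0xFFFF, 0xFFFF)
    return buf

if __name__ == "__main__":
    print(parse_netlogon_query(build_sample(True)))
    print(parse_netlogon_query(build_sample(False)))
```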