unknown RPC opcodes during join+logon

Luke Howard lukeh at PADL.COM
Thu Sep 19 04:57:01 GMT 2002

>The return code always follows the last top-level [out] value, but there
>is an additional [out] ULONG in NetrServerAuthenticate3.
>The algorithm for calculating credentials is the same.

Actually, I'm no longer sure this is the case. It seems that the
algorithm for NetrServerAuthenticate3 is the same if the client
thinks the domain is an NT4 domain (in which case it talks to it
over SMB), but it looks like the algorithm is different in a 
Windows 2000 domain (where the RPC is made over ncacn_ip_tcp),
as unlikely as this seems (given they are the same RPC). Note
that the flags are ostensibly irrelevant, because the client
sends the authenticator before it receives the flags from the

-- Luke

Luke Howard | PADL Software Pty Ltd | www.padl.com

More information about the samba-technical mailing list