[Samba] SAM LOGON & SAM Response - user unknown
Chris Hall
chris.hall at halldom.com
Sun May 18 10:07:16 GMT 2008
Samba: 3.0.28a
I'm staring at Wireshark output to try to see why one user can read a
particular cookie file from one machine, but the same user cannot read
it from a different machine.
I see:
SMB_NETLOGON SAM LOGON request from client
SMB_NETLOGON SAM Response - user unknown
The detail of the exchange is below.
The user name provided appears to be blank. So this may not be a
surprise.
Is this significant, or is it a vestigial exchange ?
Chris
------------------------------------------------------------------------
SMB_NETLOGON SAM LOGON request from client
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
Flags2: 0x0000
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 0
User ID: 0
Multiplex ID: 0
Trans Request (0x25)
Word Count (WCT): 17
Total Parameter Count: 0
Total Data Count: 88
Max Parameter Count: 0
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
Timeout: 1 second
Reserved: 0000
Parameter Count: 0
Parameter Offset: 0
Data Count: 88
Data Offset: 92
Setup Count: 3
Reserved: 00
Byte Count (BCC): 111
Transaction Name: \MAILSLOT\NET\NETLOGON
SMB MailSlot Protocol
Opcode: Write Mail Slot (1)
Priority: 1
Class: Unreliable & Broadcast (2)
Size: 111
Mailslot Name: \MAILSLOT\NET\NETLOGON
Microsoft Windows Logon Protocol (Old)
Command: SAM LOGON request from client (0x12)
Request Count: 0
Unicode Computer Name: ALCYONE
User Name:
Mailslot Name: \MAILSLOT\NET\GETDC834
Account control = 0x0000
Domain SID Size: 24
Domain: S-1-5-21-4211105910-4270789338-3787013593
NT Version: 11
LMNT Token: 0xffff (Windows NT Networking)
LM20 Token: 0xffff (LanMan 2.0 or higher)
SMB_NETLOGON SAM Response - user unknown
SMB Header
Server Component: SMB
SMB Command: Trans (0x25)
Error Class: Success (0x00)
Reserved: 00
Error Code: No Error
Flags: 0x00
Flags2: 0x0000
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 0
Process ID: 0
User ID: 0
Multiplex ID: 0
Trans Request (0x25)
Word Count (WCT): 17
Total Parameter Count: 0
Total Data Count: 40
Max Parameter Count: 0
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 0
Parameter Offset: 0
Data Count: 40
Data Offset: 92
Setup Count: 3
Reserved: 00
Byte Count (BCC): 63
Transaction Name: \MAILSLOT\NET\GETDC834
SMB MailSlot Protocol
Opcode: Write Mail Slot (1)
Priority: 1
Class: Unreliable & Broadcast (2)
Size: 63
Mailslot Name: \MAILSLOT\NET\GETDC834
Microsoft Windows Logon Protocol (Old)
Command: SAM Response - user unknown (0x15)
Server Name: \\HESTIA
User Name:
Domain Name: RHEA
NT Version: 1
LMNT Token: 0xffff (Windows NT Networking)
LM20 Token: 0xffff (LanMan 2.0 or higher)
--
Chris Hall @ Home +44 (0)7970 277 383
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 470 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20080518/7df74314/signature.bin
More information about the samba
mailing list