Re: [cifs-protocol] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397

Mon, 01 Jul 2024 18:57:54 -0700 

[moving back to cifs-protocol]

Hi Sreekanth,

Call me Jo :)
As I can’t seem to upload the traces via the link you sent me, I’ll try to email them to you directly.
The reason for asking about NETLOGON_TICKET_LOGON_INFO is that we’re looking to address https://bugzilla.samba.org/show_bug.cgi?id=15249. 

Cheers,
Jo (she/her)

On 14/06/24 3:39 am, Sreekanth Nadendla wrote:
Hello Joseph, I've sent you instructions to download time travel trace tool to collect traces for lass process earlier. But we were informed by Andrew Bartlet that the reason why you've raised the login issue with [MS-APDS] NETLOGON_TICKET_LOGON_INFO is that you are looking to resolve a privilege escalation problem via enforcement of PAC verification.  I could not see how these two issues are connected hence I'm unable to continue the investigation on my own (while you are away dealing with a personal issue). Please let us know whenever you are ready and we will gather the details, data to investigate the issue you are experiencing. 

Regards,

Sreekanth Nadendla

Microsoft Windows Open Specifications






From: Jo Sutton <jsut...@samba.org>

Sent: Monday, May 20, 2024 9:49 PM
To: cifs-protocol@lists.samba.org <cifs-protocol@lists.samba.org>; Interoperability Documentation Help <doch...@microsoft.com> 
Subject: [EXTERNAL] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message
[Some people who received this message don't often get email from jsut...@samba.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] 

Hi dochelp,

I’m trying to follow [MS-APDS] 2.2.2.1, “NETLOGON_TICKET_LOGON_INFO
Message”, in order to create a NETLOGON_TICKET_LOGON_INFO message that
will be accepted by Windows Server 2019. However, in my attempts so far,
all I’ve got is STATUS_INVALID_PARAMETER codes from NetrLogonSamLogonEx.

Although [MS-APDS] doesn’t mention it, I assume
NETLOGON_TICKET_LOGON_INFO should contain an unsigned 32‐bit MessageType
field, set to 0x00000026, that indicates the message is a
NETLOGON_TICKET_LOGON_INFO message. Other than that, I’m not sure what
I’m doing wrong. Are the ticket fields arrays, are depicted in the
diagram, or pointers, as claimed in the documentation?

I can provide traces showing the problem if you would like.

Cheers,
Jo (she/her)



_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to