Andrew, I went through the logic of the generic pass through function in Kerberos package for both Windows server 2003 and 2008. I found that it only processes KerbVerifyPacMessage (0x03). For any other message types, STATUS_ACCESS_DENIED should be returned.
Could you give me more information about your testing ? Which version of Windows server did you use ? Did you just use a KERB_VERIFY_PAC_REQUEST structure as LogonInformation passed to NetrLogonSamLogon() and set MessageType from 0x00 to 0xFF ? If you can send us a network trace to show that NT_STATUS_OK is returned for any message type other than 0x03, it would be really helpful. Thanks ---------------------------------------------------------- Hongwei Sun - Sr. Support Escalation Engineer DSC Protocol Team, Microsoft [EMAIL PROTECTED] Tel: 469-7757027 x 57027 ----------------------------------------------------------- ________________________________________ From: Andrew Bartlett [EMAIL PROTECTED] Sent: Tuesday, September 02, 2008 11:06 PM To: Interoperability Documentation Help Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Other types of Kerberos messages on SamLogon Generic MS-APDS 2.2.2.1 describes only one Generic message type (0x3) for the Package "Kerberos". However, Microsoft servers still return NT_STATUS_OK on a message type in the range 0x0..0xff (for example). What other message types are valid on this Package, and what are their formats? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
