Hi Alexander,

Apologies for the delay in response. Jeff retired last week and I'll be taking over this case on his behalf.

I see that you're referencing the 5 steps outlined in [MS-NRPC] 3.2.4.2 Network Ticket Logon. You're wondering about the intermediary steps between the following:

2. Netlogon delivers the request (see section 3.2.4.2.1 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/1ff6ce53-dc55-4a9e-af21-cb8ea5de5948>)
3. The Key Distribution Center (KDC) <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/b5e7d25a-40b2-41c8-9611-98f53358af66#gt_6e5aafba-6b66-4fdd-872e-844f142af287> processes the request and sends a reply (see [MS-KILE] <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9> section 3.3.5.8.1 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/5445bcc9-1232-42d3-9f66-99f40463a92c>)

[MS-NRPC] 3.2.4.2.1 discusses what I interpret as 2 stages: dispatch to the appropriate DC, and the domain calling the KDC. Is your question specifically about the call to the KDC after the Netlogon request has reached the appropriate DC?

Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation
Email: kristian.sm...@microsoft.com

From: Jeff McCashland (He/him) <je...@microsoft.com>
Sent: Monday, August 18, 2025 3:37 PM
To: Alexander Bokovoy (Samba) <a...@samba.org>
Cc: cifs-protocol@lists.samba.org; Microsoft Support <supportm...@microsoft.com>
Subject: Re: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509

[Kristian to BCC]

Hi Alexander,

I will research the logon interaction and see what I can find.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
________________________________
From: Kristian Smith <kristian.sm...@microsoft.com>
Sent: Thursday, August 14, 2025 8:39 AM
To: Alexander Bokovoy (Samba) <a...@samba.org>
Cc: cifs-protocol@lists.samba.org <cifs-protocol@lists.samba.org>; Microsoft Support <supportm...@microsoft.com>
Subject: RE: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509

[DocHelp to Bcc]

Hi Alexander,

Thanks for reaching out with your Kerberos/Netlogon question. I've created case 2508140040006509 to track the issue. One of our engineers will investigate this and contact you soon.

Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation
Email: kristian.sm...@microsoft.com

-----Original Message-----
From: Alexander Bokovoy <a...@samba.org>
Sent: Thursday, August 14, 2025 5:41 AM
To: Interoperability Documentation Help <doch...@microsoft.com>
Cc: cifs-protocol@lists.samba.org
Subject: [EXTERNAL] Network Ticket Logon clarification

Hello Dochelp,

I am reading through the MS-KILE v45 update that was published this week (v20250811) and trying to understand how the KDC would receive the request whose processing is described in section [MS-KILE] 3.3.5.8 Network Ticket Logon.

As referenced in [MS-KILE] 3.3.5.8, [MS-NRPC] 3.2.4.2 describes the process on the Netlogon side, namely:

--------------------------------------
Broadly, there are five major steps in the network ticket logon process:

- The Kerberos client prepares and makes a request (see [MS-APDS] sections 3.2.5.1 and 3.2.5.2)
- Netlogon delivers the request (see section 3.2.4.2.1)
- The Key Distribution Center (KDC) processes the request and sends a reply (see [MS-KILE] section 3.3.5.8.1)
- Netlogon processes the reply and sends it to the client (see section 3.2.4.2.2)
- The Kerberos client receives the reply (see [MS-APDS] section 3.2.5.4)
-------------------------------------

My question is related to the steps 'Netlogon delivers the request' and 'KDC processes the requests and sends a reply'. Unfortunately, neither [MS-NRPC] 3.2.4.2.1 nor [MS-KILE] 3.3.5.8.1 clarifies how exactly Netlogon and KDC communicate the request between each other. Could you please clarify it? Is it a specially formatted TGS-REQ? Or is it some special form of a back-channel between these components?

--
/ Alexander Bokovoy
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol