|
|
On Fri, Sep 29, 2006 at 04:52:25PM -0700, John Ackart wrote:
> I have an interesting problem.
>
> I put together some code that executes in the following sequence.
>
> 1. Create a netlogon pipe 1.
> 2. Send a samlogon request on pipe 1. (SUCCESS)
> 3. Create a netlogon pipe 2.
> 4. Send a samlogon request on pipe 2. (SUCCESS)
> 5. Send a samlogon request on pipe 1. (FAIL)
> 6. Send a samlogon request on pipe 2. (FAIL)
>
> samlogon requests 2 and 4 succeed. But 5 and 6 fail with
> NT_STATUS_ACCESS_DENIED.
>
> The netlogon logs on the Windows Server 2003 show that it uses the
> session key generated for the pipe 2 for samlogon request 5 even though
> it was sent on pipe 1. And of course request 6 fails because the client
> messes up the credential chain because of the unexpected behavior in
> request 5.
>
> Is this a limitation of the protocol?
>
> If anyone is interested I can send the code and the logs.
What server are you running against ? Is this against a W2K3
server ?
I'd be very interested in the code, we might add this to
our torture tester if it's Samba code.
Thanks,
Jeremy.
|
|