I have an interesting problem.
I put together some code that executes in the following sequence.
1. Create a netlogon pipe 1.
2. Send a samlogon request on pipe 1. (SUCCESS)
3. Create a netlogon pipe 2.
4. Send a samlogon request on pipe 2. (SUCCESS)
5. Send a samlogon request on pipe 1. (FAIL)
6. Send a samlogon request on pipe 2. (FAIL)
samlogon requests 2 and 4 succeed. But 5 and 6 fail with
NT_STATUS_ACCESS_DENIED.
The netlogon logs on the Windows Server 2003 show that it uses the
session key generated for the pipe 2 for samlogon request 5 even though
it was sent on pipe 1. And of course request 6 fails because the client
messes up the credential chain because of the unexpected behavior in
request 5.
Is this a limitation of the protocol?
If anyone is interested I can send the code and the logs.
Thanks for any insights.
John.
|