5 LogonPassthru Balan


Presentation Transcript

Win95 Domain Logon:

Balan Sethu Raman
Software Design Engineer, Windows NT Development
Microsoft Corporation

Win 95 Domain Logon: 

Mechanism by which a client prevalidates a user's credentials with a Domain Controller (DC). This is implemented in three phases:
- Domain Controller Discovery
- Session Setup
- Remote API Execution

DC Discovery: 

Process by which a client machine locates the DC of a domain.
- Sends a NETLOGON_LOGON_REQUEST message on all transports, addressed to the NetBIOS group name <Domain Name> [1c]
- This is packaged as a mailslot write SMB directed at the mailslot \mailslot\NET\NETLOGON

DC Discovery: 

The NETLOGON_LOGON_REQUEST message includes:
- name of the client machine
- name of the user
- name of the mailslot on which the response is expected
- a token set to 0xFF signifying Lanman V2.0 or greater

DC Discovery: 

The DCs respond in one of the following three ways:
- LOGON_RESPONSE2: the user account exists
- LOGON_USER_UNKNOWN: the user account does not exist
- LOGON_PAUSE_RESPONSE: the logon service has been paused. This response is ignored by the clients.

DC Discovery: 

LOGON_RESPONSE2:
- The response includes the name of the Logon Server to which the logon requests can be forwarded.
- If no DC responds within the given time interval (currently 15 seconds), the NETLOGON processing is terminated for this request.

Session Setup: 

The client machine establishes a connection to the IPC$ share on the Logon Server using the client credentials. The purpose of this is to validate the user's credentials.

Session Setup: 

This consists of the following sequence of SMBs:
- Negotiate SMB: determines the dialect to be used, and also establishes the seed for further encryption
- Session Setup And X followed by Tree Connect And X (IPC$ share)
  - The session key obtained from the server is encrypted with the password

Session Setup:

If any errors are encountered during the session setup process, the logon request processing is terminated with the appropriate error.

Invoking Logon API:

The logon APIs are executed on the logon server.
- The following APIs must be implemented: NetWkstaUserLogon, NetWkstaUserLogoff
- The following APIs are optional: SamOemChgPasswordUser2, NetRemoteTOD
- All APIs are shipped to the server as TRANSACT SMBs

Logon APIs:

- The transaction name in all cases is \pipe\lanman
- The Remote Admin Protocol (RAP) is used to marshal/unmarshal the params.
- The param portion of the Transact request SMB includes:
  - descriptor of the params

Logon APIs: 

The param portion of the Transact request SMB also includes:
  - the descriptor of the response expected
  - marshalled params
- The data and param portions of the Transact response contain the results of executing the API at the server.

PassThru Authentication:

Balan Sethu Raman
Software Design Engineer, Windows NT Development
Microsoft Corporation

Passthru Authentication: 

Mechanism by which a server validates, with a Domain Controller (DC), a user's credentials presented by a client machine. This is done at the time when the user attempts to set up a session to the server from a client machine.

Passthru Initialization:

Server discovers the DC and sends a NEGOTIATE SMB to it. The NEGOTIATE response, along with the session key in it, is cached by the server.

Passthru Sequence: 

- Negotiate SMB (Client -> Server): lists the dialects to be used
- Negotiate SMB Response (Server -> Client): the same session key that was obtained from the DC is returned to the client
- Session Setup And X (Client -> Server): the session key obtained from the server is encrypted with the password

Passthru Sequence (contd.):

- Session Setup And X (Server -> DC): the encrypted key obtained from the client is passed through to the DC.
- Session Setup Response (DC -> Server): if the user's passwords match, the session setup is successful
- Logoff And X (Server -> DC): tear down the session established with the DC using the user's credentials

Passthru Sequence (contd.):

- Session Setup And X Response (Server -> Client): the response is based on the DC's response to the server.
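
The passthru sequence from the slides above, modelled as an added Python example (not code from the presentation or from Microsoft). HMAC-SHA256 stands in for the SMB password encryption, and the class, function and account names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def response_for(session_key: bytes, password: str) -> bytes:
    """Stand-in for 'session key encrypted with the password' (not the SMB algorithm)."""
    secret = hashlib.sha256(password.encode()).digest()
    return hmac.new(secret, session_key, hashlib.sha256).digest()


class DomainController:
    def __init__(self, accounts):
        self.accounts = accounts      # constructed sample account table
        self.session_key = None

    def negotiate(self) -> bytes:
        # NEGOTIATE response: carries the session key for this connection.
        self.session_key = os.urandom(8)
        return self.session_key

    def session_setup(self, user: str, response: bytes) -> bool:
        # Only the DC knows the password, so only it can check the response.
        password = self.accounts.get(user)
        if password is None or self.session_key is None:
            return False
        expected = response_for(self.session_key, password)
        return hmac.compare_digest(response, expected)


class PassthruServer:
    def __init__(self, dc: DomainController):
        self.dc = dc
        # Passthru initialization: NEGOTIATE with the DC and cache its session key.
        self.cached_key = dc.negotiate()

    def negotiate(self) -> bytes:
        # Server -> Client: the same session key that was obtained from the DC.
        return self.cached_key

    def session_setup(self, user: str, response: bytes) -> bool:
        # Server -> DC: the client's response is passed through unchanged, and
        # the answer given to the client is based on the DC's answer.
        return self.dc.session_setup(user, response)


def client_logon(server: PassthruServer, user: str, password: str) -> bool:
    key = server.negotiate()                      # Negotiate (Client -> Server)
    return server.session_setup(user, response_for(key, password))
```

The server in this model never handles the password itself: it only relays the DC's session key to the client and the client's response back to the DC.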

Passthru Authentication: 

In the passthru sequence the server established a session with the DC, indeed NT Advanced Server will do. The primary problem is the discovery of the advanced server.

Questions?