Nota
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare ad accedere o modificare le directory.
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare a modificare le directory.
To make the request, the client prepares a NETLOGON_LOGON_IDENTITY_INFO ([MS-NRPC] section 2.2.1.4.15). This is placed in the ServiceTicket field of a NETLOGON_TICKET_LOGON_INFO ([MS-NRPC] section 2.2.1.4.19) which is then sent over the secure channel the client has with the domain controller.
The values of fields are set as follows:
In NETLOGON_LOGON_IDENTITY_INFO, the UserName is set to the identity of the service receiving the ticket, LogonDomainName is set to the name of the realm that issued the service ticket (service domain), and Workstation is set to the name of the client computer.
The ServiceTicket field and its length (ServiceTicketLength) are always present in NETLOGON_TICKET_LOGON_INFO.
If the service ticket is user-to-user (that is, the AP request has the enc-tkt-in-skey flag set, as specified in [RFC4120] section 2.9.2, then the service’s ticket-granting ticket (TGT) used for decryption is placed in the AdditionalTicket field.
Request options in NETLOGON_TICKET_LOGON_INFO are set to zero except for the following which are set to 1:
SkipResourceGroups
SkipA2AChecks
NoAuthorizationData is set to 1 only if the user being authenticated is from the same domain as the computer
The computer uses its secure channel to send the request to its domain controller using NetrLogonSamLogonEx ([MS-NRPC] section 3.5.4.5.1 and section 3.4.5.3.2). The logon level is NetlogonTicketLogonInformation and the validation level is NetlogonValidationTicketLogon.