Compartilhar via


6.3.1.8 NETLOGON_SAM_LOGON_RESPONSE

The NETLOGON_SAM_LOGON_RESPONSE structure is the first extended version of the server's response to an LDAP ping (section 6.3.3) or a mailslot ping (section 6.3.5).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Opcode

UnicodeLogonServer (variable)

...

UnicodeUserName (variable)

...

UnicodeDomainName (variable)

...

DomainGuid (16 bytes)

...

...

NullGuid (16 bytes)

...

...

DnsForestName (variable)

...

DnsDomainName (variable)

...

DnsHostName (variable)

...

DcIpAddress

Flags

NtVersion

LmNtToken

Lm20Token

Opcode (2 bytes): Operation code (see section 6.3.1.3).

UnicodeLogonServer (variable): Null-terminated Unicode value of the NetBIOS name of the server. This field always contains at least one character: the null terminator. Each Unicode value is encoded as 2 bytes.

UnicodeUserName (variable): Null-terminated Unicode value of the name of the user copied directly from the client's request. This field always contains at least one character: the null terminator. Each Unicode value is encoded as 2 bytes.

UnicodeDomainName (variable): Null-terminated Unicode value of the NetBIOS name of the NC. This field always contains at least one character: the null terminator. Each Unicode value is encoded as 2 bytes.

DomainGuid (16 bytes): The value of the NC's GUID attribute specified as a GUID structure, which is defined in [MS-DTYP] section 2.3.4.

NullGuid (16 bytes): A NULL GUID. The GUID structure is defined in [MS-DTYP] section 2.3.4. Always set zero values for all fields in the GUID structure.

DnsForestName (variable): UTF-8 encoded value of the DNS forest name, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DnsDomainName (variable): UTF-8 encoded value of the DNS NC name, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DnsHostName (variable): UTF-8 encoded value of the DNS server name, compressed as specified in [RFC1035] section 4.1.4. To get the decompressed string, see section 6.3.7.

DcIpAddress (4 bytes): The domain controller IP address, as specified in [RFC791].

Flags (4 bytes): DS_FLAG Options (see section 6.3.1.2).

NtVersion (4 bytes): Set to NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5.

LmNtToken (2 bytes): This MUST be set to 0xFFFF.

Lm20Token (2 bytes): This MUST be set to 0xFFFF.

Note All multibyte quantities are represented in little-endian byte order.