2.2.3.1 NETLOGON_VALIDATION_TICKET_LOGON message
The NETLOGON_VALIDATION_TICKET_LOGON message is used after the NETLOGON_TICKET_LOGON_INFO message (section 2.2.2.1): at the destination domain, the issuing KDC opens the ticket, verifies all the signatures, and then extracts the authorization information from the PAC. This message is defined with the following fields.
| Bits 0-7 | Bits 8-15 | Bits 16-23 | Bits 24-31 |
|---|---|---|---|
| A | B | C | D |
| SourceInformation | | TransitInformation | |
| KerberosStatus | | | |
| NetlogonStatus | | | |
| UserInformation (variable) | | | |
| ... | | | |
| DeviceInformation (variable) | | | |
| ... | | | |
| UserClaimsLength | | | |
| UserClaims (variable) | | | |
| ... | | | |
| DeviceClaimsLength | | | |
| DeviceClaims | | | |

Each row is 32 bits; a field wider than one byte spans the empty cells to its right.
A - CriticalResults (1 byte): A UCHAR. Conditions that all parties must understand to interpret the rest of the results. The following value is defined.
| Value | Meaning |
|---|---|
| LogonFailed (0x0000) | There is no authorization data because the ticket logon failed. Check other result fields for the reason. |
B - CriticalClientResults (1 byte): A UCHAR. Conditions that the caller must understand before using the results. Unused, MUST be set to 0.
C - CriticalComputerDomainResults (1 byte): A UCHAR. Conditions that must be handled by Netlogon in the computer's domain. Unused, MUST be set to 0.
D - CriticalTransitResults (1 byte): A UCHAR. Conditions that must be handled by Netlogon in every transited domain. Unused, MUST be set to 0.
SourceInformation (2 bytes): A USHORT that contains information about the ticket from the KDC that issued the service ticket. The following values are defined.
| Value | Meaning |
|---|---|
| TicketDecryptionFailed (0x0000) | Logon failed because the ticket could not be decrypted. |
| PacValidationFailed (0x0001) | Logon failed because the PAC signatures did not validate. |
| CompoundSource (0x0002) | The source ticket contained device information. |
| SourceUserClaims (0x0003) | There were user claims in the source ticket. |
| SourceDeviceClaims (0x0004) | There were device claims in the source ticket. |
| FullSignaturePresent (0x0005) | The KDC checked the full ticket krbtgt signature. |
| ResourceGroupsRemoved (0x0006) | The KDC removed (by client request) resource groups from the source information. |
TransitInformation (2 bytes): A USHORT. Information from Netlogon about operations performed while transiting back to the computer. The following values are defined.
| Value | Meaning |
|---|---|
| UserSidsFailed (0x0000) | Logon failed because SID filtering did not allow the user identity. |
| UserNamespaceFailed (0x0001) | Logon failed because namespace filtering did not allow the user domain name. |
| UserFailedA2A (0x0002) | Logon failed because the user is not allowed to authenticate to the computer. |
| DeviceSidsFailed (0x0003) | Compound identity was removed because SID filtering did not allow the device identity. |
| DeviceNamespaceFailed (0x0004) | Compound identity was removed because SID filtering did not allow the device domain name. |
| UserSidsFiltered (0x0005) | SID filtering removed one or more SIDs from the user information. |
| DeviceSidsFiltered (0x0006) | SID filtering removed one or more SIDs from the device information. |
KerberosStatus (4 bytes): A USHORT. If unsuccessful, includes an NTSTATUS code that details an error encountered by the KDC during ticket validation.
NetlogonStatus (4 bytes): A USHORT. If unsuccessful, includes an NTSTATUS code that details an error encountered by Netlogon during transit back to the computer.
UserInformation (variable): A NETLOGON_VALIDATION_SAM_INFO4 structure that contains the authenticated user information ([MS-NRPC] section 2.2.1.4.13).
DeviceInformation (variable): A NETLOGON_VALIDATION_SAM_INFO4 structure that contains optional authenticated device information ([MS-NRPC] section 2.2.1.4.13).
UserClaimsLength (4 bytes): A ULONG. The length of the UserClaims data.
UserClaims (variable): A pointer to a UCHAR. The user claims data.
DeviceClaimsLength (4 bytes): A ULONG. The length of the DeviceClaims data.
DeviceClaims (4 bytes): A pointer to a UCHAR. The device claims data.
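A decoder for the fixed-size prefix of this message (A through NetlogonStatus), added here as an illustration and not part of the specification. It assumes little-endian encoding, takes the named values in the tables above as the literal contents of each field, rejects non-zero reserved bytes as the MUST clauses require, and leaves UserInformation onward undecoded (NETLOGON_VALIDATION_SAM_INFO4 is defined in [MS-NRPC]).

```python
import struct
from dataclasses import dataclass

# Named values exactly as the tables in this section list them. The field is
# compared against the value as written; no bit-flag interpretation is assumed.
CRITICAL_RESULTS = {0x00: "LogonFailed"}
SOURCE_INFORMATION = {
    0x0000: "TicketDecryptionFailed", 0x0001: "PacValidationFailed",
    0x0002: "CompoundSource", 0x0003: "SourceUserClaims",
    0x0004: "SourceDeviceClaims", 0x0005: "FullSignaturePresent",
    0x0006: "ResourceGroupsRemoved",
}
TRANSIT_INFORMATION = {
    0x0000: "UserSidsFailed", 0x0001: "UserNamespaceFailed",
    0x0002: "UserFailedA2A", 0x0003: "DeviceSidsFailed",
    0x0004: "DeviceNamespaceFailed", 0x0005: "UserSidsFiltered",
    0x0006: "DeviceSidsFiltered",
}
# A, B, C, D (1 byte each), SourceInformation, TransitInformation (2 bytes each),
# KerberosStatus, NetlogonStatus (4 bytes each). Little-endian is an assumption.
FIXED = struct.Struct("<BBBBHHII")

def ntstatus_is_error(code: int) -> bool:
    """NTSTATUS carries its severity in bits 31-30; 0b11 is STATUS_SEVERITY_ERROR."""
    return (code >> 30) == 0b11

@dataclass
class TicketLogonValidation:
    critical_results: str
    source_information: str
    transit_information: str
    kerberos_status: int
    netlogon_status: int
    authorization_data: bytes  # UserInformation onward, left undecoded here

    @property
    def failed(self) -> bool:
        # Either status field holds an NTSTATUS error code when the logon failed.
        return (ntstatus_is_error(self.kerberos_status)
                or ntstatus_is_error(self.netlogon_status))

def parse_validation_ticket_logon(buf: bytes) -> TicketLogonValidation:
    if len(buf) < FIXED.size:
        raise ValueError(f"message truncated: need {FIXED.size} bytes, got {len(buf)}")
    a, b, c, d, src, transit, krb, nl = FIXED.unpack_from(buf)
    if (b, c, d) != (0, 0, 0):  # B, C and D are unused and MUST be 0
        raise ValueError(f"reserved Critical*Results bytes not zero: {b:#x} {c:#x} {d:#x}")
    return TicketLogonValidation(
        critical_results=CRITICAL_RESULTS.get(a, f"{a:#04x}"),
        source_information=SOURCE_INFORMATION.get(src, f"{src:#06x}"),
        transit_information=TRANSIT_INFORMATION.get(transit, f"{transit:#06x}"),
        kerberos_status=krb, netlogon_status=nl, authorization_data=buf[FIXED.size:])

# Constructed sample: PAC validation failed, KerberosStatus = STATUS_LOGON_FAILURE.
SAMPLE = struct.pack("<BBBBHHII", 0x00, 0, 0, 0, 0x0001, 0x0000, 0xC000006D, 0)
```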