NetrLogonSamLogon (Opnum 2)

The NetrLogonSamLogon method<206> is a predecessor to the NetrLogonSamLogonWithFlags method (section All parameters of this method have the same meanings as the identically named parameters of the NetrLogonSamLogonWithFlags method.

 NTSTATUS NetrLogonSamLogon(
   [in, unique, string] LOGONSRV_HANDLE LogonServer,
   [in, string, unique] wchar_t* ComputerName,
   [in, unique] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out, unique] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in, switch_is(LogonLevel)] PNETLOGON_LEVEL LogonInformation,
   [out, switch_is(ValidationLevel)] 
     PNETLOGON_VALIDATION ValidationInformation,
   [out] UCHAR * Authoritative

Message processing<207> is identical to NetrLogonSamLogonEx, as specified in section, except for the following:

  • The method uses Netlogon authenticators, so instead of checking for Secure RPC, the server MUST confirm the validity of the Authenticator (section that it received using the ComputerName for the secure channel to find the corresponding record in the ClientSessionInfo table. If the Authenticator parameter is valid, the server MUST compute the ReturnAuthenticator parameter returned (section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  • The ExtraFlags parameter is not processed.

This method SHOULD only be called by a machine that has established a secure channel with the server.

On receiving this call, the server MUST perform the following validation step:

  • Apply Common Error Processing Rule A, specified in section 3.