
Analysis of the Security of Windows NT, 1 March 1999, page 39

netlogon will wait for a request to log on a user. An example of the event stated above is described in appendix B.

FIGURE 16. Passthrough authentication in NT
[Figure labels: Local Computer, Domain Controller, Login, Security account manager, User accounts database, Netlogon, Local logon, Domain logon, Secure Comm. Channel]

5.4.2 Pass-through Logon

When a user tries to log on to a computer that is not a DC and gives a domain name that is different from the name of the computer, a pass-through logon will occur. The steps involved in this type of logon are similar to those described in section 5.3; the only difference is that the authentication package will ask the DC for the required domain to authenticate the user by using netlogon. The events that occur are the following (assuming netlogon already has a secure channel established to the DC):

1. The authentication package will send the hashed password, the domain name and the user name to netlogon.
2. Netlogon will send a NetLogonSamLoggon RPC message to the DC using the secure channel. This message will contain, among other things, the 16-byte RC4 encryption of the passwords, both LM and NT-native, using the session key as the encryption key, the domain and user names, and a time stamp. See appendix A.4.
3. The DC will compare the information it got with the information stored in its SAM database. It will then reply and, if the logon was successful, send a copy (almost) of the SAM entries for that user to the netlogon process on the client.
4. Netlogon will pass the information it received to the authentication package and the logon process will continue as described earlier.

5.4.3 Remote Logon

This type of logon has unfortunately been called a number of things: remote logon, network logon and secondary logon. This type of logon will occur when a user accesses resources on computers other than the one s/he is interactively logged in to, even if that computer is part of the domain. In this case netlogon's secure channel is not used.
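Steps 1 to 3 of the pass-through logon in section 5.4.2, simulated as an added example that is not part of the original report and is not NT's own code. The function names, message field names, the CORP/alice account, the 8-byte session key and both hash values are constructed for illustration, and keying RC4 afresh for each 16-byte hash is an assumption the report does not state.

```python
import hmac
import time

def rc4(key, data):
    """RC4 stream cipher; encrypting and decrypting are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # XOR data with the keystream
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed sample values (hypothetical; not real keys, hashes or accounts).
SESSION_KEY = bytes.fromhex("0011223344556677")
LM_HASH = bytes(range(0x10, 0x20))            # 16-byte stand-in for the LM hash
NT_HASH = bytes(range(0xA0, 0xB0))            # 16-byte stand-in for the NT hash
DC_SAM = {("CORP", "alice"): {"lm": LM_HASH, "nt": NT_HASH}}

def netlogon_build_request(domain, user, lm_hash, nt_hash, session_key):
    """Step 2: the client's netlogon wraps what the authentication package gave it."""
    # Assumption: each hash is encrypted separately under the session key.
    return {"domain": domain, "user": user, "timestamp": int(time.time()),
            "lm_enc": rc4(session_key, lm_hash),
            "nt_enc": rc4(session_key, nt_hash)}

def dc_handle_request(msg, sam, session_key):
    """Step 3: the DC decrypts both hashes and compares them with its SAM entry."""
    entry = sam.get((msg["domain"], msg["user"]))
    if entry is None:
        return {"ok": False}
    lm = rc4(session_key, msg["lm_enc"])
    nt = rc4(session_key, msg["nt_enc"])
    match = hmac.compare_digest(lm, entry["lm"]) and hmac.compare_digest(nt, entry["nt"])
    # On success the reply carries account data back to the client's netlogon.
    return {"ok": True, "user": msg["user"], "domain": msg["domain"]} if match else {"ok": False}
```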