SAMR Communication between Client and Server

sarshah20

I am studying SAMR and need to examine the SAMR packets that are actually sent on the wire.

What I am Doing:
I have set up a virtual machine of Windows NT 4 Server as a domain controller and created a user (who will log in from a remote machine joined with this domain controller). Then I took a virtual machine of Windows NT 4 Server (which will act as a client) and joined it with the aforementioned domain controller. Before logging in using the client machine, I set up a network traffic capture application and pointed it to capture communication between client and server. When I logged in on the client using the domain user name, there were no SAMR packets that I could see in the capture.

The Question:
What kind of environment setup do I need to generate these packets? By environment setup I mean what kind of client/server environment must be set up? Or do I need to write a client which will make SAMR interface calls (like SamrConnect etc.) to connect/authenticate to the SAM database residing on the domain controller?

Thanks,
sarshah.
 
Roger Abell [MVP]

I am not sure how well this transports back to NT 4 but I do
believe you would, assuming you are capturing the correct
network packet stream, have better luck if you were to do
a join of a machine to the domain or a remote creation of
a domain account.
 
sarshah20

Thanks both of you guys for your replies.
SAMR packets were generated when I made the client PC join the domain. The client and server were two separate virtual machines. I have another question. I was studying the captures and there is a SamrSetInformationUser2 request from the client. In this request, the password is sent encrypted. What encryption algo is used to encrypt this password?

And for those who are studying SAMR like me, this link would be helpful
if they are interested in various SAMR calls.

http://www.hsc.fr/ressources/articles/win_net_srv/ch04s07s03.html


Thanks,
sarshah.
 
Roger Abell [MVP]

I do not know, nor whether it is the password within the crypto
or just a hash of it. Perhaps you now need a new thread asking
in the crypto newsgroup to see if someone there knows.
 
