"NTLMv2 Response (Only)" yields Unicode password length of 78
Ken Cross
kcross at nssolutions.com
Fri Apr 11 02:58:47 GMT 2003
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Thursday, April 10, 2003 6:55 PM
> To: Ken Cross
> Cc: 'Christopher R. Hertel'; 'Samba Technical'
> Subject: RE: "NTLMv2 Response (Only)" yields Unicode password
> length of 78
>
>
> On Fri, 2003-04-11 at 05:24, Ken Cross wrote:
> > > Sent: Wednesday, January 29, 2003 10:56 PM
> > >
> > > We have had LMv2 code available for a while (thanks to the
> > > TNG folk) but
> > > there was little impetus to push ahead with it. Few people
> > > have asked.
> > > You're one of the few. :)
> > >
> > >
> > > Chris -)-----
> > >
> >
> >
> > FWIW, here's one more vote to support NT LMv2. We have a customer
> > that is going to restrict all users to LMv2 only. That
> breaks Samba
> > 3.0 pretty badly.
>
>
> ??
>
> I have had NTLMv2 in 3.0 for over a year, and LMv2 for months
> now. It's been fully supported inside NTLMSSP for ages too.
>
> I would be very interested to hear how it's failing.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
Really? Well, if we set a client to "only allow NTLMv2", then it fails.
It ends with a simple "end of file from client".
Log snippet below with log level=4 auth:10
I'd be happy to help work on it with you.
Ken
________________________________
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com
[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_negprot(427)
Requested protocol [NT LM 0.12]
[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_nt1(301)
using SPNEGO
[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_negprot(504)
Selected protocol NT LM 0.12
[2003/04/10 13:58:25, 3] smbd/process.c:process_smb(882)
Transaction 2 of length 214
[2003/04/10 13:58:25, 3] smbd/process.c:switch_message(676)
switch message SMBsesssetupX (pid 835)
[2003/04/10 13:58:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X(524)
wct=12 flg2=0xc807
[2003/04/10 13:58:25, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(436)
Doing spnego session setup
[2003/04/10 13:58:25, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(460)
NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_spnego_negotiate(341)
Got OID 1 3 6 1 4 1 311 2 2 10
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_spnego_negotiate(348)
Got secblob of size 45
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_subsystem(403)
Making default auth method list for security=user, encrypt passwords =
yes
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(341)
make_auth_context_text_list: Attempting to find an auth method to
match guest
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(357)
make_auth_context_text_list: Found auth method guest (at pos 0)
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(360)
make_auth_context_text_list: auth method guest has a valid init
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(341)
make_auth_context_text_list: Attempting to find an auth method to
match sam
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(357)
make_auth_context_text_list: Found auth method sam (at pos 3)
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(360)
make_auth_context_text_list: auth method sam has a valid init
[2003/04/10 13:58:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
Got NTLMSSP neg_flags=0xc008b297
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_NEGOTIATE_OEM
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_LM_KEY
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_KEY_EXCH
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
auth_get_challenge: module guest did not want to specify a challenge
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
auth_get_challenge: module sam did not want to specify a challenge
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(106)
auth_context challenge created by random
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(107)
challenge is:
[2003/04/10 13:58:25, 3] smbd/process.c:timeout_processing(1095)
end of file from client
More information about the samba-technical
mailing list