"NTLMv2 Response (Only)" yields Unicode password length of 78

Ken Cross kcross at nssolutions.com
Fri Apr 11 02:58:47 GMT 2003 

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org] 
> Sent: Thursday, April 10, 2003 6:55 PM
> To: Ken Cross
> Cc: 'Christopher R. Hertel'; 'Samba Technical'
> Subject: RE: "NTLMv2 Response (Only)" yields Unicode password 
> length of 78
> 
> 
> On Fri, 2003-04-11 at 05:24, Ken Cross wrote:
> > > Sent: Wednesday, January 29, 2003 10:56 PM
> > >
> > > We have had LMv2 code available for a while (thanks to the
> > > TNG folk) but 
> > > there was little impetus to push ahead with it.  Few people 
> > > have asked.  
> > > You're one of the few.  :)
> > > 
> > > 
> > > Chris -)-----
> > > 
> > 
> > 
> > FWIW, here's one more vote to support NT LMv2.  We have a customer 
> > that is going to restrict all users to LMv2 only.  That 
> breaks Samba 
> > 3.0 pretty badly.
> 
> 
> ??
> 
> I have had NTLMv2 in 3.0 for over a year, and LMv2 for months 
> now.  It's been fully supported inside NTLMSSP for ages too.
> 
> I would be very interested to hear how it's failing.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>


Really?  Well, if we set a client to "only allow NTLMv2", then it fails.
It ends with a simple "end of file from client".

Log snippet below with log level=4 auth:10

I'd be happy to help work on it with you.

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com 


[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_negprot(427)
  Requested protocol [NT LM 0.12]
[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_nt1(301)
  using SPNEGO
[2003/04/10 13:58:25, 3] smbd/negprot.c:reply_negprot(504)
  Selected protocol NT LM 0.12
[2003/04/10 13:58:25, 3] smbd/process.c:process_smb(882)
  Transaction 2 of length 214
[2003/04/10 13:58:25, 3] smbd/process.c:switch_message(676)
  switch message SMBsesssetupX (pid 835)
[2003/04/10 13:58:25, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_sesssetup_and_X(524)
  wct=12 flg2=0xc807
[2003/04/10 13:58:25, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(436)
  Doing spnego session setup
[2003/04/10 13:58:25, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(460)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_spnego_negotiate(341)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/04/10 13:58:25, 3] smbd/sesssetup.c:reply_spnego_negotiate(348)
  Got secblob of size 45
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_subsystem(403)
  Making default auth method list for security=user, encrypt passwords =
yes
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(341)
  make_auth_context_text_list: Attempting to find an auth method to
match guest
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(357)
  make_auth_context_text_list: Found auth method guest (at pos 0)
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(360)
  make_auth_context_text_list: auth method guest has a valid init
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(341)
  make_auth_context_text_list: Attempting to find an auth method to
match sam
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(357)
  make_auth_context_text_list: Found auth method sam (at pos 3)
[2003/04/10 13:58:25, 5] auth/auth.c:make_auth_context_text_list(360)
  make_auth_context_text_list: auth method sam has a valid init
[2003/04/10 13:58:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
  Got NTLMSSP neg_flags=0xc008b297
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_NEGOTIATE_OEM
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_LM_KEY
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
    NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
  auth_get_challenge: module guest did not want to specify a challenge
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
  auth_get_challenge: module sam did not want to specify a challenge
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(106)
  auth_context challenge created by random
[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(107)
  challenge is: 
[2003/04/10 13:58:25, 3] smbd/process.c:timeout_processing(1095)
  end of file from client

More information about the samba-technical mailing list