[cifs-protocol] ntproof field
mat at samba.org
Sun Feb 12 00:14:12 MST 2012
MS-NLMP didn't provide much information about the ntrpoof field use,
it's explained how to calculate it but it's not explained what the
server should do with this attribute/value.
My understanding is that the server when receiving an
AUTHENTICATE_MESSAGE with a NTLMv2 response must check the ntproof
(first 16 bytes of the nt response field) and the lm response field. In
the fact it seems that the proof is not verified.
With the help of ntlm_auth I provided 2 almost similar nt_response with
just the first byte of the ntproof being different, Windows 2008R2
accepted both authenticate message.
Is it the expected behavior ?
Thanks for your answer.
More information about the cifs-protocol