[cifs-protocol] ntproof field

Matthieu Patou mat at samba.org
Sun Feb 12 00:14:12 MST 2012

Hello Dochelp,

MS-NLMP didn't provide much information about the ntrpoof field use, 
it's explained how to calculate it but it's not explained what the 
server should do with this attribute/value.

My understanding is that the server when receiving an 
AUTHENTICATE_MESSAGE with a NTLMv2 response must check the ntproof 
(first 16 bytes of the nt response field) and the lm response field. In 
the fact it seems that the proof is not verified.
With the help of ntlm_auth I provided 2 almost similar nt_response with 
just the first byte of the ntproof being different, Windows 2008R2 
accepted both authenticate message.

Is it the expected behavior ?

Thanks for your answer.


Matthieu Patou
Samba Team

More information about the cifs-protocol mailing list