[jcifs] MS-CHAP and MS-CHAP-V2 possible?
Mike Bean
bean at alcatel-lucent.com
Wed Feb 28 18:52:06 GMT 2007
Thanks,
That was what I was afraid of. I have read through LKCL's book but I
must admit I am no Samba or MSRPC expert. Looks like you were trying to do
the same thing with the Jarapac project.
Mike
Michael B Allen wrote:
> On Mon, 26 Feb 2007 16:57:09 -0800
> Mike Bean <bean at alcatel-lucent.com> wrote:
>
>
>> I have some JNI code to perform LsaLogonUser calls on Windows to
>> validate MS-CHAP and MS-CHAP-V2 responses. It looks like you should be
>> able to do the same with JCIFS but it appears that challenges must be
>> chosen by the DC. Unfortunately I need to specify a challenge rather than
>> get one from the DC. Is there any way to create a
>> NtlmPasswordAuthentication object with external hashes and challenge and
>> perform a logon to validate hashes?
>>
>
> Nope.
>
>
>> Can I get the user password hashed
>> twice to use in generating MPPE keys, I believe this is the user session
>> key?
>>
>
> You could do the NetrSamLogon RPC (that's what LsaLogonUser does). You
> supply the challenge and the password hashes and get back the session key
> (I assume the session key must be sufficient to do MPPE).
>
> I don't think we have any netlogon.idl at the moment but between Samba
> SVN, MSDN and Wireshark you should be able to fill in enough of it to
> produce a JCIFS MSRPC stub with our midlc compiler.
>
> Another way to do it might be to use digest authentication. I don't
> know the details but the Heimdal guys just implemented the functional
> equivalent of NetrSamLogon to authenticate NTLM clients. It also gives
> you the session key.
>
> Mike
>
>
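
Added example (not part of the original thread and not JCIFS code): the MS-CHAP-V2 MPPE key derivation from RFC 3079, showing how the doubly hashed password and the 24-byte NT-Response yield the MPPE start keys on the authenticator side. It assumes, as the thread does, that the session key returned by the logon call is the doubly hashed password; the function names are chosen for this example.

```python
import hashlib

# Constants defined by the MS-CHAP-V2 key derivation in RFC 3079.
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40

# Sample input: the published MS-CHAP-V2 example values from RFC 2759 /
# RFC 3079 (password "clientPass"), embedded so the block runs offline.
SAMPLE_HASH_HASH = bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F")
SAMPLE_NT_RESPONSE = bytes.fromhex(
    "82309ECD8D708B5EA08FAA3981CD8354" "4233114A3D85D6DF")


def get_master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """First 16 bytes of SHA1(PasswordHashHash | NT-Response | Magic1)."""
    if len(password_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-byte hash-of-hash and 24-byte NT-Response")
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]


def get_asymmetric_start_key(master_key: bytes, key_len: int,
                             is_send: bool, is_server: bool) -> bytes:
    """Direction-specific start key; key_len is 8 (40/56-bit) or 16 (128-bit)."""
    if len(master_key) != 16 or key_len not in (8, 16):
        raise ValueError("need 16-byte master key and key_len of 8 or 16")
    # Server-send and client-receive share Magic3; the other pair uses Magic2.
    magic = MAGIC3 if is_send == is_server else MAGIC2
    digest = hashlib.sha1(master_key + SHS_PAD1 + magic + SHS_PAD2).digest()
    return digest[:key_len]


def server_mppe_keys(session_key: bytes, nt_response: bytes, key_len: int = 16):
    """Return (send_key, recv_key) as seen by the authenticator (server)."""
    master = get_master_key(session_key, nt_response)
    return (get_asymmetric_start_key(master, key_len, True, True),
            get_asymmetric_start_key(master, key_len, False, True))


if __name__ == "__main__":
    send, recv = server_mppe_keys(SAMPLE_HASH_HASH, SAMPLE_NT_RESPONSE)
    print("server send:", send.hex(), "server recv:", recv.hex())
```

For 40-bit and 56-bit MPPE the 8-byte start key is reduced further as described in RFC 3079; that step is not shown here.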