Old Topic: Re: NT Security Alert: (was Re: NTDOM: SamLogon validation...)

Paul Ashton paul at argo.demon.co.uk
Tue Apr 28 13:21:36 GMT 1998




Luke said:
> however, in your paragraph above, exactly what has to be related to a 
> previously sent challenge? 

4 The CIFS server sends a NEGOTIATE SMB to the Domain Controller
5 The NEGOTIATE response along with the challenge is saved by the CIFS server
6 The CIFS server sends a NEGOTIATE response (to client) using the saved challenge
7 The CIFS client computes the challenge response as detailed in the CIFS specification, and then the challenge response is sent as part of a SessionSetupAndX SMB
8 The CIFS server extracts the challenge response from above SMB
9 The CIFS server sends its own SessionSetupAndX SMB to the domain
  controller using the extracted challenge response

I don't think this is the case in an NT domain. It would be easy
to check to see if the CIFS server does do the final SS&X, but
I think it does a NetLogonSamLogon with its *own* challenge
instead. I'm sure Paul Leach will correct me if I'm wrong.

Paul


