Using Samba for HTTP-NTLM-authentication?
rsharpe at ns.aus.com
Fri Jul 12 13:02:20 GMT 2002
On Fri, 12 Jul 2002, Tim Potter wrote:
> On Sat, Jul 13, 2002 at 04:47:17AM +0930, Richard Sharpe wrote:
> It's actually NTLMSSP base-64 encoded in http headers.
> > There has been much discussion about this on this list and on
> > #samba-technical and it may already be possible or close to possible using
> > samba-head based code.
> There is a mod_ntlm_winbind the basis of which is used in squid for its
> NTLMSSP support. The mod_ntlm_winbind project is currently unmaintained
> and broken.
> Basically there are hooks in winbindd (through the AUTH_CRAP command) to
> authenticate using a challenge and nt/lm responses.
> > It sounds like the client is doing a Windows LOGON using the previously
> > computed NT HASH generated when the user logged onto the client.
> Nope. There's a challenge sent by either the server and then the client
> produces a LM and NT response which is a hash of the challenge and the
> user's password. This is sent to the server (in this case winbindd) for
But the server does not have the user's password, only the NT or LM hash
of the user's password, so what I think you are saying is that the
respose if formed by hashing the challenge with the user's password hash?
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical