"Session Key" in NTLMSSP auth frame.

Jim McDonough jmcd at us.ibm.com
Tue Sep 3 14:17:01 GMT 2002


>OK, I think that the code in cliconnect that tries to do ntlmssp is wrong
>when it comes to the AUTH response. There is no session key sent. That is,
>the session key is empty in the auth, and there should not be one in the
>negotiate.
>
>If you look in sesssetup.c you will notice that the session key is
>discarded after the token blob is parsed as well.
>
>So, get rid of the key in the negotiate, and send a NULL key in the AUTH,
>and you should be right!

Nope, not right.  At least, that's not what Windows machines do.  Also,
check out the doc:
http://www.opengroup.org/onlinepubs/009899899/toc.htm

and look in Chapter 11 for at least some of the NTLMSSP info.  The
Sessionkey is sent in the auth command.

----------------------------
Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

jmcd at us.ibm.com
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984


Richard Sharpe <rsharpe at ns.aus.com>@lists.samba.org on 09/03/2002 12:53:21 AM

Sent by:    samba-technical-admin at lists.samba.org


To:    Steven French/Austin/IBM at IBMUS
cc:    Jim McDonough/Portland/IBM at IBMUS, <samba-technical at samba.org>
Subject:    Re: "Session Key" in NTLMSSP auth frame.



On Mon, 2 Sep 2002, Steven French wrote:

>
> I am getting a "STATUS_INVALID_PARM" error returned on my NTLMSSP auth
> frame (from the CIFS VFS to XP).   Looking at working traces, other than a
> few negotiate flags (mostly requesting signing) I don't see much difference
> between the traces except for two things - I send a LANMAN encrypted pass
> field that is all zero (I don't send the flag indicating the presence of a
> LANMAN password) and a "session key" that is all zero (whatever that means
> in this context).   I noticed that Samba doesn't seem to set the LANMAN
> encrypted pass either (which is good) but I am suspicious that the problem
> is that I am setting a session key of all zero - where do I get this from.
> The libsmb Samba client code seems to get it somehow out of the challenge
> which does not seem to make sense based on the traces of Windows clients
> doing NTLMSSP that I have looked at.   Any idea how to construct the
> NTLMSSP auth request frame's "session key" field?

OK, I think that the code in cliconnect that tries to do ntlmssp is wrong
when it comes to the AUTH response. There is no session key sent. That is,
the session key is empty in the auth, and there should not be one in the
negotiate.

If you look in sesssetup.c you will notice that the session key is
discarded after the token blob is parsed as well.

So, get rid of the key in the negotiate, and send a NULL key in the AUTH,
and you should be right!

Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
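
For comparing a failing AUTH frame against a working trace, as discussed in this thread, the following added example (not part of the original messages, and not Samba or CIFS VFS code) parses the security buffers of an NTLMSSP AUTHENTICATE message and reports whether the session key field is empty, all zero, or populated. The field layout and the NTLMSSP_NEGOTIATE_KEY_EXCH flag value come from Microsoft's MS-NLMP specification rather than from the thread; the parser assumes the 64-byte header form that carries the session key and flags fields, and `build_sample` with its payload bytes is constructed test input.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3
NEGOTIATE_KEY_EXCH = 0x40000000  # flag value from MS-NLMP, not from the thread
# Security buffers (Len, MaxLen, Offset) in wire order, starting at byte 12.
FIELDS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")


def parse_authenticate(msg: bytes) -> dict:
    """Return each security buffer's bytes plus the negotiate flags."""
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message with a 64-byte header")
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    out = {}
    for i, name in enumerate(FIELDS):
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        # A non-empty buffer must lie after the header and inside the message.
        if length and (offset < 64 or offset + length > len(msg)):
            raise ValueError(f"{name} buffer points outside the message")
        out[name] = msg[offset:offset + length] if length else b""
    out["flags"] = struct.unpack_from("<I", msg, 60)[0]
    return out


def session_key_status(msg: bytes) -> str:
    """Classify the session key field of an AUTHENTICATE message."""
    parsed = parse_authenticate(msg)
    key = parsed["session_key"]
    key_exch = bool(parsed["flags"] & NEGOTIATE_KEY_EXCH)
    if not key:
        return "missing-but-key-exch-set" if key_exch else "empty"
    if not any(key):
        return "all-zero"
    return "present" if key_exch else "present-without-key-exch"


def build_sample(key: bytes, flags: int) -> bytes:
    """Constructed test message: 64-byte header followed by the payloads."""
    payloads = [b"\x00" * 24, b"\x11" * 24, b"D", b"U", b"W", key]  # made-up values
    header, body, offset = SIGNATURE + struct.pack("<I", AUTHENTICATE), b"", 64
    for p in payloads:
        header += struct.pack("<HHI", len(p), len(p), offset)
        body += p
        offset += len(p)
    return header + struct.pack("<I", flags) + body
```
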







