"NTLMv2 Response (Only)" yields Unicode password length of 78

Vance Lankhaar vlankhaar at shaw.ca
Wed Jan 29 03:11:54 GMT 2003

Check out Chris' book - http://www.ubiqx.org/cifs/SMB.html#SMB.8.5

He's got a great explanation of what we observed while looking at a few

Also, if you would have a capture of it of the response, I'd love to
take a look at it - there's a few bytes that are still unknown.

Vance Lankhaar

On Wed, 2003-01-29 at 19:57, Joey Collins wrote:
> Good evening folks,
> I have a WIN2K system and I am failing to authenticate to a Samba 2.2
> installation, which I suspect is due to the weird length of Unicode
> password length in the SessionSetupAndX message.  Here is my
> circumstance.
> On my W2K machine:
> -Run the secpol.msc management plug-in thingie.
> -Click "Local Policies"
> -Click "Security Options"
> -In the right pain, look for "LAN Manager Authentication Level"
> -Double click on this.
> -In the pull-down, set it to "Send NTLMv2 response only"
> -Commit that change.
> -Now, connect to the Samba machine.
> The ANSI password length in the SessionSetupAndX is 24, but in my case
> the Unicode Password Length is 78 (this is according to the latest &
> greatest ethereal built from sources yesterday).
> When I change the setting in LAN Manager Authentication Level" back to
> the default, I can connect to Samba 2.2 using the same creds.
> I tried this on a W2K -> W2K setup (not active directory) and the same
> trace occurs, but this time, the Unicode password length was 66 (it was
> a different account/password)!
> Anyone else see this?  Does anyone know how the binary response of 78
> bytes is created?  Lots of zeros, it does not appear to be ASN.1
> Have a great night,
> Joey.

More information about the samba-technical mailing list