"Secure" channel demystifying?

Henrik Nordstrom hno at squid-cache.org
Sat Jul 10 11:30:40 GMT 2004


On Wed, 7 Jul 2004, Dimitry V. Ketov wrote:

> As I can see, it's just normal LM/NTLM challenges and responses inside NETLOGON "secure" channel

Yes, the NTLM challenges/responses are the same, as NTLM would not work
otherwise. But the final response (not the NTLM response) carries
additional information.

> copied from client/server LM/NTLM authentication.

But not in the same order. Look how the challenge is generated. This mode
of the NTLM/LANMAN protocols is only available from the domain controller
because of the trust chain established by the domain computer account.

> Where is that "protection" ? :(

It is not the NTLM challenge/response which is protected, this is public
information. What is protected is the user session key contained within
the netlogon response. Not strongly protected, but protected. The user
session key is not part of NTLM but is used in other aspects related to 
authentication.

As discussed before real security is only provided if signing & sealing is
enabled on the secure channel (which it is by default). The capability of
signing & sealing is the difference between the original NT4 style domain
logins and the secure channel used in NT4 SP4 and later.

> Furthermore, it seems it doesn't conform to NETLOGON authentication, stated in http://www.samba.org/samba/devel/docs/html/Samba-Developers-Guide.html#id2878012

In what sense?

Regards
Henrik



More information about the samba-technical mailing list