Question on ntlm_auth tool

Andrew Bartlett abartlet at
Mon Sep 13 23:13:33 GMT 2004

On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
> Hi Andrew,
> I still have some doubt about the ntlm_auth tool, sorry for posting so 
> many questions. Could you please clarify them for me?
> 1) I see ntlm_auth has option to specify the NT/LM responses to get user 
> authenticated. But if we don't parse the handshakes, but just handover 
> to ntlm_auth tool, we won't even know which user we are authenticating.

This is for use in different protocols, such as MSCHAP (used in PPP),
where we are given the username, NT and LM responses separately.  This
is not the case for the 'blob' based form of NTLMSSP we find in HTTP.

> So we still need to do some parsing to get username, domain, type of 
> message, etc, right? Or anything after "Proxy Authorization: NTLM " 
> should be passed to ntlm_auth? I am a little confused.

Have a read of:


You will see that when ntlm_auth is finished, it will tell you which
user was authenticated.

> 2) When you say "blob", is the encoded string inside the authentication 
> header you are referring to? Is there any document about NTLMSSP that I 
> should read to understand it better? The only thing I found right now is 
> from Microsoft site:
> "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT, 
> is a security support provider that is available on all versions of 
> DCOM. It uses the Microsoft® Windows NT® LAN Manager (NTLM) protocol for 
> authentication."

There is actually quite a bit of information about NTLMSSP around -
start with and then read the

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list