Question on ntlm_auth tool

Yimin Chen ymchen at
Thu Sep 16 01:44:31 GMT 2004

Hi Andrew,

Thanks for your clarifications! I think I now understand it much better.

So if the ntlm_auth tool is enhanced to return the group information, would 
it be just a list of SIDs or it could be the actual group names? If it will 
be SIDs, do we need to query the domain controllers for the groupnames, or 
Samba has other API we can use to do the conversion?


At 09:13 AM 9/14/2004 +1000, Andrew Bartlett wrote:
>On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
> > Hi Andrew,
> >
> >
> > I still have some doubt about the ntlm_auth tool, sorry for posting so
> > many questions. Could you please clarify them for me?
> >
> >
> > 1) I see ntlm_auth has option to specify the NT/LM responses to get user
> > authenticated. But if we don't parse the handshakes, but just handover
> > to ntlm_auth tool, we won't even know which user we are authenticating.
>This is for use in different protocols, such as MSCHAP (used in PPP),
>where we are given the username, NT and LM responses separately.  This
>is not the case for the 'blob' based form of NTLMSSP we find in HTTP.
> > So we still need to do some parsing to get username, domain, type of
> > message, etc, right? Or anything after "Proxy Authorization: NTLM "
> > should be passed to ntlm_auth? I am a little confused.
>Have a read of:
>You will see that when ntlm_auth is finished, it will tell you which
>user was authenticated.
> > 2) When you say "blob", is the encoded string inside the authentication
> > header you are referring to? Is there any document about NTLMSSP that I
> > should read to understand it better? The only thing I found right now is
> > from Microsoft site:
> >
> > "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
> > is a security support provider that is available on all versions of
> > DCOM. It uses the Microsoft® Windows NT® LAN Manager (NTLM) protocol for
> > authentication."
>There is actually quite a bit of information about NTLMSSP around -
>start with and then read the
>Andrew Bartlett
>Andrew Bartlett                                 abartlet at
>Authentication Developer, Samba Team  
>Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list