Question on ntlm_auth tool
ymchen at cisco.com
Thu Sep 16 01:49:17 GMT 2004
Sorry I have one more silly question on the ntlm_auth tool:
If the username is unicode, how would the tool output it?
>Date: Wed, 15 Sep 2004 18:44:31 -0700
>To: Andrew Bartlett <abartlet at samba.org>
>From: Yimin Chen <ymchen at cisco.com>
>Subject: Re: Question on ntlm_auth tool
>Cc: samba-technical at lists.samba.org
>Thanks for your clarifications! I think I now understand it much better.
>So if the ntlm_auth tool is enhanced to return the group information,
>would it be just a list of SIDs or it could be the actual group names? If
>it will be SIDs, do we need to query the domain controllers for the
>groupnames, or Samba has other API we can use to do the conversion?
>At 09:13 AM 9/14/2004 +1000, Andrew Bartlett wrote:
>>On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
>> > Hi Andrew,
>> > I still have some doubt about the ntlm_auth tool, sorry for posting so
>> > many questions. Could you please clarify them for me?
>> > 1) I see ntlm_auth has option to specify the NT/LM responses to get user
>> > authenticated. But if we don't parse the handshakes, but just handover
>> > to ntlm_auth tool, we won't even know which user we are authenticating.
>>This is for use in different protocols, such as MSCHAP (used in PPP),
>>where we are given the username, NT and LM responses separately. This
>>is not the case for the 'blob' based form of NTLMSSP we find in HTTP.
>> > So we still need to do some parsing to get username, domain, type of
>> > message, etc, right? Or anything after "Proxy Authorization: NTLM "
>> > should be passed to ntlm_auth? I am a little confused.
>>Have a read of:
>>You will see that when ntlm_auth is finished, it will tell you which
>>user was authenticated.
>> > 2) When you say "blob", is the encoded string inside the authentication
>> > header you are referring to? Is there any document about NTLMSSP that I
>> > should read to understand it better? The only thing I found right now is
>> > from Microsoft site:
>> > "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
>> > is a security support provider that is available on all versions of
>> > DCOM. It uses the MicrosoftÂ® Windows NTÂ® LAN Manager (NTLM) protocol
>> > authentication."
>>There is actually quite a bit of information about NTLMSSP around -
>>start with http://davenport.sf.net/ntlm.html and then read the
>>Andrew Bartlett abartlet at samba.org
>>Authentication Developer, Samba Team http://samba.org
>>Student Network Administrator, Hawker College abartlet at hawkerc.net
More information about the samba-technical