Question on ntlm_auth tool

Yimin Chen ymchen at cisco.com
Thu Sep 16 01:49:17 GMT 2004


Hi Andrew,

Sorry I have one more silly question on the ntlm_auth tool:

If the username is unicode, how would the tool output it?


Thanks!
Yimin


>Date: Wed, 15 Sep 2004 18:44:31 -0700
>To: Andrew Bartlett <abartlet at samba.org>
>From: Yimin Chen <ymchen at cisco.com>
>Subject: Re: Question on ntlm_auth tool
>Cc: samba-technical at lists.samba.org
>Bcc: ƒ\Projects\Authentication
>
>Hi Andrew,
>
>Thanks for your clarifications! I think I now understand it much better.
>
>So if the ntlm_auth tool is enhanced to return the group information, 
>would it be just a list of SIDs or it could be the actual group names? If 
>it will be SIDs, do we need to query the domain controllers for the 
>groupnames, or Samba has other API we can use to do the conversion?
>
>
>Thanks!
>Yimin
>
>
>At 09:13 AM 9/14/2004 +1000, Andrew Bartlett wrote:
>>On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
>> > Hi Andrew,
>> >
>> >
>> > I still have some doubt about the ntlm_auth tool, sorry for posting so
>> > many questions. Could you please clarify them for me?
>> >
>> >
>> > 1) I see ntlm_auth has option to specify the NT/LM responses to get user
>> > authenticated. But if we don't parse the handshakes, but just handover
>> > to ntlm_auth tool, we won't even know which user we are authenticating.
>>
>>This is for use in different protocols, such as MSCHAP (used in PPP),
>>where we are given the username, NT and LM responses separately.  This
>>is not the case for the 'blob' based form of NTLMSSP we find in HTTP.
>>
>> > So we still need to do some parsing to get username, domain, type of
>> > message, etc, right? Or anything after "Proxy Authorization: NTLM "
>> > should be passed to ntlm_auth? I am a little confused.
>>
>>Have a read of:
>>
>>http://samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/
>>
>>and
>>
>>http://samba.org/ftp/unpacked/lorikeet/trunk/patches/
>>
>>You will see that when ntlm_auth is finished, it will tell you which
>>user was authenticated.
>>
>> > 2) When you say "blob", is the encoded string inside the authentication
>> > header you are referring to? Is there any document about NTLMSSP that I
>> > should read to understand it better? The only thing I found right now is
>> > from Microsoft site:
>> >
>> > "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
>> > is a security support provider that is available on all versions of
>> > DCOM. It uses the Microsoft® Windows NT® LAN Manager (NTLM) protocol 
>> for
>> > authentication."
>>
>>There is actually quite a bit of information about NTLMSSP around -
>>start with http://davenport.sf.net/ntlm.html and then read the
>>references.
>>
>>Andrew Bartlett
>>
>>--
>>Andrew Bartlett                                 abartlet at samba.org
>>Authentication Developer, Samba Team            http://samba.org
>>Student Network Administrator, Hawker College   abartlet at hawkerc.net



More information about the samba-technical mailing list