Question on NTLMv2 over SMB

[Yimin Chen]

Hi Andrew,

Thanks for your response. What I was testing was pass-through 
authentication, so my program is acting as proxy and handing the LMv2 
response from browser to the domain controller. My program is not 
encoding the LMv2 response.

Client browser actually sent both LMv2 and NTLMv2 response, I just 
handed over the LMv2 response in the CaseInsensitivePassword field, 
while leaving the CaseSensitivePassword empty. Is this the right way to 
do it, if I just wanted to see whether the DC will honor the LMv2 response?


Thanks!
Yimin

Andrew Bartlett wrote:
> On Mon, 2005-06-27 at 18:54 -0700, Yimin Chen wrote:
> 
>>Hi,
>>
>>I am running into problem when trying to test NTLMv2 pass-through 
>>authentication.
>>
>>I am reading "Implementing CIFS" and according to the section 15.5.7, if 
>>Domain Controller has "IMCompatibility" set to 0, and I send a LMv2 
>>response in the CaseInsensitivePassword field in the SMB Session Setup 
>>Andx Request, the Domain controller should compare the response with LM, 
>>LMv2, NTLM, NTLMv2 responses and found my response matching with LMv2 
>>and then grant the access.
>>
>>However, in my testing, I noticed that if I send LMv2 response to the 
>>domain controller, the access is denied; if I send LM response to the 
>>domain controller, the access is allowed. So I am not sure whether there 
>>is some additional configuration I need to do on the domain controller 
>>in order for it to accept LMv2 response as well?
> 
> 
> More likely you have not got the LMv2 algorithm correct, as far as I
> know the password type is always accepted.  Also remember that the 'case
> sensitive' password field always seems to take priority, so if you have
> any NT response, then it will succeed or fail on that basis.
> 
> I need to work on more testing combinations, but for the SAMLOGON stage
> (which this all ends up, back at the DC) I have a Samba4 testsuite to
> hammer this stuff.  It is RPC-SAMLOGON in smbtorture.
> 
> Andrew Bartlett
>