Question on NTLMv2 over SMB

Christopher R. Hertel crh at ubiqx.mn.org
Tue Jun 28 17:43:52 GMT 2005


On Tue, Jun 28, 2005 at 12:02:48PM +1000, Andrew Bartlett wrote:
> On Mon, 2005-06-27 at 18:54 -0700, Yimin Chen wrote:
> > Hi,
> > 
> > I am running into a problem when trying to test NTLMv2 pass-through 
> > authentication.
> > 
> > I am reading "Implementing CIFS" and according to section 15.5.7, if 
> > the Domain Controller has "LMCompatibility" set to 0, and I send a LMv2 
> > response in the CaseInsensitivePassword field in the SMB Session Setup 
> > Andx Request, the Domain Controller should compare the response with LM, 
> > LMv2, NTLM, NTLMv2 responses and find my response matching with LMv2 
> > and then grant the access.
> > 
> > However, in my testing, I noticed that if I send LMv2 response to the 
> > domain controller, the access is denied; if I send LM response to the 
> > domain controller, the access is allowed. So I am not sure whether there 
> > is some additional configuration I need to do on the domain controller 
> > in order for it to accept LMv2 response as well?
> 
> More likely you have not got the LMv2 algorithm correct, as far as I
> know the password type is always accepted.  Also remember that the 'case
> sensitive' password field always seems to take priority, so if you have
> any NT response, then it will succeed or fail on that basis.

When I was researching this (oh so many months ago) the documentation I
found said that the LMv2 response was added as an afterthought.  The
reason it was added was that some (older) Windows systems doing
pass-through had hard-coded password length fields (recall that all of the 
responses, *except for the NTLMv2 response*, are 24 bytes).

Anyway, according to the doco I found, the nodes in pass-through mode 
would truncate the NTLMv2 response.  The work-around was to add the LMv2 
response.

The way to test this would be for Yimin to truncate the NTLMv2 response to 
24 bytes in his code.  I'd try this with and without changing the field 
length in CaseSensitivePasswordLength (just to see what happens).

Yimin, is that something you can do?  If so, please let us know the 
results.

We have some tools to do this as well, if needed.

Chris -)-----


-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
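
The 24-byte point made in this message, as an added example that is not part of the original post or of Samba's code: it builds an LMv2 and an NTLMv2 response from the same v2 hash and shows what a verifier sees when the NTLMv2 response is cut to 24 bytes. The NT hash, challenges, blob contents and function names are constructed for illustration; following MS-NLMP, only the user name is upper-cased.

```python
import hashlib
import hmac
import struct

def ntlmv2_hash(nt_hash: bytes, user: str, domain: str) -> bytes:
    """v2 hash: HMAC-MD5 keyed with the NT hash over UTF-16LE(UPPER(user) + domain)."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()

def lmv2_response(v2hash: bytes, server_chal: bytes, client_chal: bytes) -> bytes:
    """16-byte MAC followed by the 8-byte client challenge: always 24 bytes."""
    mac = hmac.new(v2hash, server_chal + client_chal, hashlib.md5).digest()
    return mac + client_chal

def ntlmv2_response(v2hash: bytes, server_chal: bytes, blob: bytes) -> bytes:
    """16-byte MAC followed by the variable-length blob: longer than 24 bytes."""
    mac = hmac.new(v2hash, server_chal + blob, hashlib.md5).digest()
    return mac + blob

def verify_v2(v2hash: bytes, server_chal: bytes, response: bytes) -> bool:
    """Both v2 responses have the shape MAC || tail, so one check covers both."""
    mac, tail = response[:16], response[16:]
    expected = hmac.new(v2hash, server_chal + tail, hashlib.md5).digest()
    return hmac.compare_digest(mac, expected)

def build_blob(timestamp: int, client_chal: bytes, nb_domain: str) -> bytes:
    """Simplified NTLMv2 blob: header, timestamp, client challenge, target info."""
    name = nb_domain.encode("utf-16-le")
    target_info = struct.pack("<HH", 2, len(name)) + name + struct.pack("<HH", 0, 0)
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_chal + b"\x00" * 4 + target_info + b"\x00" * 4)

# Constructed sample values (not from a real capture).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SERVER_CHAL = bytes.fromhex("0123456789abcdef")
CLIENT_CHAL = bytes.fromhex("ffeeddccbbaa9988")
V2HASH = ntlmv2_hash(NT_HASH, "user", "DOMAIN")

LMV2 = lmv2_response(V2HASH, SERVER_CHAL, CLIENT_CHAL)
NTLMV2 = ntlmv2_response(V2HASH, SERVER_CHAL,
                         build_blob(127631086320000000, CLIENT_CHAL, "DOMAIN"))
TRUNCATED = NTLMV2[:24]  # what a fixed 24-byte pass-through field would carry

if __name__ == "__main__":
    print("LMv2   ", len(LMV2), verify_v2(V2HASH, SERVER_CHAL, LMV2))
    print("NTLMv2 ", len(NTLMV2), verify_v2(V2HASH, SERVER_CHAL, NTLMV2))
    print("cut@24 ", len(TRUNCATED), verify_v2(V2HASH, SERVER_CHAL, TRUNCATED))
```

The truncated response fails because the MAC covers the whole blob, while the LMv2 response carries everything the verifier needs inside 24 bytes.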

