Question on NTLMv2 over SMB

Christopher R. Hertel crh at ubiqx.mn.org
Tue Jun 28 19:27:18 GMT 2005


Yimin,

Okay, I'm confused...  Are you saying that you're passing the wrong 
information through from server to client?  If so, then yes.  The LMv2 
response is based on several values, one of which would be the 
"Destination" name (in Unicode).  That value must, of course, match what 
the server expects.

Let us know how it goes.

...and do let me know if Cisco will be sending anyone to the CIFS & iSCSI 
conference in August.  :)

Chris -)-----

On Tue, Jun 28, 2005 at 11:50:46AM -0700, Yimin Chen (ymchen) wrote:
> Hi Chris, Andrew,
> 
> After comparing the sniffer traces with/without the proxy, I think the
> LMv2 response generated from client was probably incorrect because it
> didn't get the correct server target information in the
> NTLMSSP_CHALLENGE message. It doesn't matter for LM response, because LM
> response does not take the server target information into
> consideration.
> 
> I will retest the scenario after correcting our code to send back the
> server target information, and will let you know the results.
> 
> Thank you very much for your help!
> 
> 
> Thanks,
> Yimin
> 
> > -----Original Message-----
> > From: Christopher R. Hertel [mailto:crh at ubiqx.mn.org] 
> > Sent: Tuesday, June 28, 2005 10:44 AM
> > To: Andrew Bartlett
> > Cc: Yimin Chen (ymchen); samba-technical at lists.samba.org
> > Subject: Re: Question on NTLMv2 over SMB
> > 
> > On Tue, Jun 28, 2005 at 12:02:48PM +1000, Andrew Bartlett wrote:
> > > On Mon, 2005-06-27 at 18:54 -0700, Yimin Chen wrote:
> > > > Hi,
> > > > 
> > > > > I am running into a problem when trying to test NTLMv2 pass-through
> > > > > authentication.
> > > > > 
> > > > > I am reading "Implementing CIFS" and according to the section
> > > > > 15.5.7, if Domain Controller has "IMCompatibility" set to 0, and I
> > > > > send a LMv2 response in the CaseInsensitivePassword field in the SMB
> > > > > Session Setup Andx Request, the Domain controller should compare the
> > > > > response with LM, LMv2, NTLM, NTLMv2 responses and find my response
> > > > > matching with LMv2 and then grant the access.
> > > > 
> > > > > However, in my testing, I noticed that if I send LMv2 response to
> > > > > the domain controller, the access is denied; if I send LM response
> > > > > to the domain controller, the access is allowed. So I am not sure
> > > > > whether there is some additional configuration I need to do on the
> > > > > domain controller in order for it to accept LMv2 response as well?
> > > 
> > > > More likely you have not got the LMv2 algorithm correct, as far as I
> > > > know the password type is always accepted.  Also remember that the
> > > > 'case sensitive' password field always seems to take priority, so if
> > > > you have any NT response, then it will succeed or fail on that basis.
> > 
> > When I was researching this (oh so many months ago) the 
> > documentation I found said that the LMv2 response was added 
> > as an afterthought.  The reason it was added was that some 
> > (older) Windows systems doing pass-through had hard-coded 
> > password length fields (recall that all of the responses, 
> > *except for the NTLMv2 response*, are 24 bytes).
> > 
> > Anyway, according to the doco I found, the nodes in 
> > pass-through mode would truncate the NTLMv2 response.  The 
> > work-around was to add the LMv2 response.
> > 
> > > The way to test this would be for Yimin to truncate the 
> > > NTLMv2 response to 24 bytes in his code.  I'd try this with and 
> > > without changing the field length in CaseSensitivePasswordLength 
> > > (just to see what happens).
> > 
> > Yimin, is that something you can do?  If so, please let us 
> > know the results.
> > 
> > We have some tools to do this as well, if needed.
> > 
> > Chris -)-----
> > 
> > 
> > --
> > "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> > > Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
> > > jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
> > ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
> > OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
> > 
> 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
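
Added example (not part of the original thread, and not Samba or jCIFS code): a minimal LMv2 computation showing why a pass-through proxy that relays the wrong target name in the NTLMSSP_CHALLENGE causes the server to reject an otherwise correct LMv2 response. Assumptions: the "Destination" name is the domain/target string hashed into the NTLMv2 hash, the sample values are the User/Domain/Password example from Microsoft's MS-NLMP specification, and "PROXYBOX" and the function names are hypothetical.

```python
import hashlib
import hmac

# Sample values: the User/Domain example from the MS-NLMP specification.
NT_HASH = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")  # NT hash of "Password"
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")


def ntlmv2_hash(nt_hash, user, target):
    """HMAC-MD5 keyed with the NT hash over UTF-16LE(upper(user) + target)."""
    identity = (user.upper() + target).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def lmv2_response(nt_hash, user, target, server_challenge, client_challenge):
    """16-byte HMAC-MD5 followed by the 8-byte client challenge: 24 bytes."""
    key = ntlmv2_hash(nt_hash, user, target)
    mac = hmac.new(key, server_challenge + client_challenge, hashlib.md5).digest()
    return mac + client_challenge


def server_accepts(response, nt_hash, user, expected_target, server_challenge):
    """Recompute as a verifier would, taking the client challenge from the tail."""
    if len(response) != 24:
        return False
    expected = lmv2_response(nt_hash, user, expected_target,
                             server_challenge, response[16:])
    return hmac.compare_digest(response, expected)


def proxy_demo(target_seen_by_client):
    """Client hashes the target the proxy relayed; the server expects "Domain"."""
    resp = lmv2_response(NT_HASH, "User", target_seen_by_client,
                         SERVER_CHALLENGE, CLIENT_CHALLENGE)
    return server_accepts(resp, NT_HASH, "User", "Domain", SERVER_CHALLENGE)


if __name__ == "__main__":
    print("target relayed intact :", proxy_demo("Domain"))    # accepted
    print("target rewritten      :", proxy_demo("PROXYBOX"))  # rejected
```

The older LM response takes no target name as input, which is consistent with the observation in the thread that LM succeeded through the proxy while LMv2 failed.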