Question on NTLMv2 over SMB

Yimin Chen (ymchen) ymchen at cisco.com
Fri Sep 2 23:11:12 GMT 2005


Another question:

1)  Does the username passed over SMB have to be in unicode, 
even if flag2 indicates unicode not supported?

Thanks,
Yimin

> -----Original Message-----
> From: Yimin Chen (ymchen) 
> Sent: Friday, September 02, 2005 2:17 PM
> To: Andrew Bartlett
> Cc: samba-technical at lists.samba.org; Yimin Chen (ymchen)
> Subject: RE: Question on NTLMv2 over SMB
> 
> Hi Andrew,
> 
> I am having a problem authenticating with the domain controller 
> even after my proxy sends back the correct target information 
> about the domain controller. I have some questions that I 
> would like to clarify to make sure I am doing the right thing 
> and have the correct understanding of the NTLMv2 algorithm.
> 
> First of all, here is my setup:
> 
> - IE configured to use my proxy
> - Proxy has NTLM authentication and will send 407 back to 
>   client for authentication
> - IE performs the NTLM handshakes with proxy, and proxy obtains 
>   the challenge and NetBIOS names over SMB from domain 
>   controller, and sends information over in type-2 message.
> - IE sends LMv2 and NTLMv2 responses, and proxy sends NTLMv2 or 
>   LMv2 response in the CaseInsensitivePassword field (ASCII 
>   password field) over SMB to domain controller
> - Proxy OEM flag is set, unicode flag not set in type-2 message
> 
> Now my questions:
> 
> 1) As long as I typed the username, password, and domain 
> correctly in the browser pop-up, the only thing that could 
> cause an incorrect LMv2 response is the NetBIOS name of the 
> domain that is used in v2hash, right? 
> 
> 2) The NetBIOS name of the domain used in v2hash is obtained 
> from the target information, right? Or obtained from the 
> Primary Domain field in the SMB Negotiate Protocol Response, 
> which is the upper case of what I typed in pop-up window? I 
> compared my target information against what the domain 
> controller sends back in the case of IE requesting an 
> NTLM-protected object off that domain controller, and they 
> are the same. I used the same username, password, domain for 
> the NTLM-protected object case, and it is working fine.
> 
> 3) So what else can be wrong in the LMv2 response?  
> 4) Does the username passed over SMB have to be in unicode, 
> even if flag2 indicates unicode not supported?
> 
> 
> Thanks!
> 
> Yimin
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Monday, June 27, 2005 9:08 PM
> > To: Yimin Chen (ymchen)
> > Cc: samba-technical at lists.samba.org
> > Subject: Re: Question on NTLMv2 over SMB
> > 
> > On Mon, 2005-06-27 at 21:02 -0700, Yimin Chen wrote:
> > > Hi Andrew,
> > > 
> > > Thanks for your response. What I was testing was pass-through 
> > > authentication, so my program is acting as proxy and handing
> > > the LMv2 response from browser to the domain controller. My
> > > program is not encoding the LMv2 response.
> > 
> > Check you are not messing up the username and domain, which are
> > part of the response.
> > 
> > > Client browser actually sent both LMv2 and NTLMv2 response, I
> > > just handed over the LMv2 response in the
> > > CaseInsensitivePassword field, while leaving the
> > > CaseSensitivePassword empty. Is this the right way to do it,
> > > if I just wanted to see whether the DC will honor the LMv2
> > > response?
> > 
> > That sounds right.
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
> > Authentication Developer, Samba Team           http://samba.org
> > Student Network Administrator, Hawker College  http://hawkerc.net
> > 
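
An added example, not part of the original thread and not Samba's code: how the username, domain and server challenge enter the LMv2 response, and which changes by a pass-through proxy make verification fail. The v2 hash is HMAC-MD5 keyed with the NT hash over the UTF-16LE encoding of the upper-cased username followed by the domain as given. The NT hash, challenges, names and the single-pass `verify_lmv2` checker are constructed assumptions.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str, encoding: str = "utf-16-le") -> bytes:
    # v2 hash = HMAC-MD5(NT hash, upper(user) + domain); only the user name is upper-cased.
    return hmac.new(nt_hash, (user.upper() + domain).encode(encoding), hashlib.md5).digest()

def lmv2_response(v2hash: bytes, server_challenge: bytes, client_challenge: bytes) -> bytes:
    # LMv2 = HMAC-MD5(v2 hash, server challenge + client challenge) + client challenge (24 bytes).
    proof = hmac.new(v2hash, server_challenge + client_challenge, hashlib.md5).digest()
    return proof + client_challenge

def verify_lmv2(nt_hash, user, domain, server_challenge, response) -> bool:
    # Strict verifier (assumption): recompute once from the user/domain strings
    # that arrived alongside the response, then compare in constant time.
    if len(response) != 24:
        return False
    expected = lmv2_response(ntowf_v2(nt_hash, user, domain), server_challenge, response[16:])
    return hmac.compare_digest(expected, response)

# Constructed sample values, not taken from the thread.
NT_HASH = bytes(range(16))
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")
USER, DOMAIN = "alice", "Corp"

def relay_cases() -> dict:
    # The browser computes the response from the strings the user typed.
    resp = lmv2_response(ntowf_v2(NT_HASH, USER, DOMAIN), SERVER_CHALLENGE, CLIENT_CHALLENGE)
    oem = lmv2_response(ntowf_v2(NT_HASH, USER, DOMAIN, "ascii"), SERVER_CHALLENGE, CLIENT_CHALLENGE)
    return {
        "forwarded unchanged": verify_lmv2(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, resp),
        "user case changed": verify_lmv2(NT_HASH, "ALICE", DOMAIN, SERVER_CHALLENGE, resp),
        "domain upper-cased": verify_lmv2(NT_HASH, USER, "CORP", SERVER_CHALLENGE, resp),
        "different challenge": verify_lmv2(NT_HASH, USER, DOMAIN, bytes(8), resp),
        "hash over OEM bytes": verify_lmv2(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, oem),
    }

if __name__ == "__main__":
    for case, ok in relay_cases().items():
        print(f"{case:22} {'accepted' if ok else 'rejected'}")
```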