Question on NTLMv2 over SMB
Yimin Chen (ymchen)
ymchen at cisco.com
Fri Sep 2 23:11:12 GMT 2005
1) Does the username passed over SMB have to be in unicode,
even if flag2 indicates unicode not supported?
> -----Original Message-----
> From: Yimin Chen (ymchen)
> Sent: Friday, September 02, 2005 2:17 PM
> To: Andrew Bartlett
> Cc: samba-technical at lists.samba.org; Yimin Chen (ymchen)
> Subject: RE: Question on NTLMv2 over SMB
> Hi Andrew,
> I am having a problem authenticating with domain controller
> even after my proxy sends back the correct target information
> about the domain controller. I have some questions that I
> would like to clarify to make sure I am doing the right thing
> and have the correct understanding of NTLMv2 algorithm.
> First of all, here is my setup:
> IE configured to use my proxy
> Proxy has NTLM authentication and will send 407 back to
>   client for authentication
> IE performs the NTLM handshakes with proxy, and proxy obtains
>   the challenge and NetBIOS names over SMB from domain
>   controller, and sends information over in type-2 message.
> IE sends LMv2 and NTLMv2 responses, and proxy sends NTLMv2 or
>   LMv2 response in the CaseInsensitivePassword field (ASCII
>   password field) over SMB to domain controller
> Proxy OEM flag is set, unicode flag not set in type-2 message
> Now my questions:
> 1) As long as I typed the username, password, and domain
> correctly in the browser pop-up, the only thing that could
> cause an incorrect LMv2 response is the NetBIOS name of the
> domain that is used in v2hash, right?
> 2) The NetBIOS name of the domain used in v2hash is obtained
> from the target information, right? Or obtained from the
> Primary Domain field in the SMB Negotiate Protocol Response,
> which is the upper case of what I typed in pop-up window? I
> compared my target information against what the domain
> controller sends back in the case of IE requesting a
> NTLM-protected object off that domain controller, and they
> are the same. I used the same username, password, domain for
> the NTLM-protected object case, and it is working fine.
> 3) So what else can be wrong in the LMv2 response?
> 4) Does the username passed over SMB have to be in unicode,
> even if flag2 indicates unicode not supported?
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Monday, June 27, 2005 9:08 PM
> > To: Yimin Chen (ymchen)
> > Cc: samba-technical at lists.samba.org
> > Subject: Re: Question on NTLMv2 over SMB
> > On Mon, 2005-06-27 at 21:02 -0700, Yimin Chen wrote:
> > > Hi Andrew,
> > >
> > > Thanks for your response. What I was testing was pass-through
> > > authentication, so my program is acting as proxy and handing the
> > > LMv2 response from browser to the domain controller. My program
> > > is not encoding the LMv2 response.
> > Check you are not messing up the username and domain, which are
> > part of the response.
> > > Client browser actually sent both LMv2 and NTLMv2 response, I just
> > > handed over the LMv2 response in the CaseInsensitivePassword field,
> > > while leaving the CaseSensitivePassword empty. Is this the right
> > > way to do it, if I just wanted to see whether the DC will honor
> > > the LMv2 response?
> > That sounds right.
> > Andrew Bartlett
> > --
> > Andrew Bartlett
> > http://samba.org/~abartlet/
> > Samba Developer, SuSE Labs, Novell Inc. http://suse.de
> > Authentication Developer, Samba Team http://samba.org
> > Student Network Administrator, Hawker College http://hawkerc.net
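
Added example, not part of the original thread and not Samba code: a Python sketch of the LMv2 computation as specified in MS-NLMP, used to test which user and domain strings a captured 24-byte response verifies under. The NT hash, challenges, account name and domain candidates are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    # v2hash = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain)).
    # Only the user name is upper-cased; the domain is hashed byte-for-byte,
    # and the hash input is UTF-16LE whatever encoding the SMB fields use.
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def lmv2_response(v2hash: bytes, server_chal: bytes, client_chal: bytes) -> bytes:
    # 16-byte HMAC-MD5 proof followed by the 8-byte client challenge = 24 bytes.
    proof = hmac.new(v2hash, server_chal + client_chal, hashlib.md5).digest()
    return proof + client_chal

def matching_identities(nt_hash, server_chal, response, users, domains):
    """Return every (user, domain) pair under which `response` verifies."""
    if len(response) != 24 or len(server_chal) != 8:
        raise ValueError("LMv2 needs a 24-byte response and an 8-byte challenge")
    client_chal = response[16:]  # the client challenge travels in the clear
    hits = []
    for user in users:
        for domain in domains:
            expected = lmv2_response(ntowf_v2(nt_hash, user, domain),
                                     server_chal, client_chal)
            if hmac.compare_digest(expected, response):
                hits.append((user, domain))
    return hits

# Constructed sample values (not taken from the thread).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")  # stand-in NT hash
SERVER_CHAL = bytes.fromhex("0123456789abcdef")
CLIENT_CHAL = bytes.fromhex("a1a2a3a4a5a6a7a8")
# What a client computes when the user typed "ymtest" / "CORP":
CAPTURED = lmv2_response(ntowf_v2(NT_HASH, "ymtest", "CORP"), SERVER_CHAL, CLIENT_CHAL)

def demo():
    users = ["ymtest", "YMTEST"]
    domains = ["CORP", "corp", "CORP.EXAMPLE.COM", ""]
    return matching_identities(NT_HASH, SERVER_CHAL, CAPTURED, users, domains)

if __name__ == "__main__":
    for user, domain in demo():
        print(f"verifies with user={user!r} domain={domain!r}")
```

Both spellings of the user name verify because the name is upper-cased before hashing, while only the exact domain string the client used verifies.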