win2k3 to win98

Christopher R. Hertel crh at
Sun Jul 1 21:39:13 GMT 2007

seatec wrote:
> Hi Chris,
> thanks for your reply. When I first read it I thought "he wants me to
> rtfm. great reply". I have (and also read) your book and done my fare
> share of basic cifs auth coding. I know the davenport site, but I didnt
> know the ms link. That one was nice, and finally helped me find the
> solution.

Well...  From your message I didn't see that you were clear on the
distinctions between the hash types and I thought you might want/need to
read that material.  I'm glad the ms link was useful.

> Where winxp(and earlier) uses the plaintext --(DES)--> LM hash
> --(DES)--> Ntlm hash scheme, Win2k3 uses the passwords md4 hash
> --(DES)--> Ntlm hash. So the first step is different, the second is not.

I'd like to get a clearer explanation here.  The NTLM hash is never created
using DES.  It is always done using MD4.  Above, you have the NTLM has being
derived from the LM hash.  Do you mean the NTLM response?  What you have
there doesn't describe any scheme I know.

> What really confused me is that winxp and win2k3 sent exactly the same
> packet, but a different password hash, and both actually worked.

The password hash is *never* sent.  The information sent to the server is
the encryption of the challenge (called the "response").  On older systems,
the first field is typically the LM response (the challenge encrypted using
the LM hash) and the second field is typically the NTLM response (the
challenge encrypted using the NTLM hash).

In some cases (if the client has been configured to not send the LM
response) the first and second field will both contain the NTLM response.

If more advanced authorization is required, then the client will send the
LMv2 response in the first field and the (very large) NTLMv2 response in the
second field.

Beyond that we get into "Extended Security" which is probably beyond what
you are trying to work on.

> Thanks for pointing that ms link out to me. It's sunday night and I
> spent many hours on this problem this weekend. Seeing it solved before
> the time ran out(too busy during the week) made my day(well, night).

Hope it helps.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list