Kerberos 5 and NTLMv2 without SPNEGO?
Luke Howard
lukeh at padl.com
Wed Jul 2 07:22:11 GMT 2008
> I was able to get raw NTLMSSP w/ NTLMv2 and raw Kerberos 5 working.
> Hopefully it will work reliably with all the major servers.
That's a fair concern, given that a lot of server implementations were
built from packet traces or incomplete documentation. NetApp, for
example, do not support big-endian PACs (and neither does Samba unless
that has been fixed recently).
> But I was not able to get NTLMv2 SMB signatures working. From looking
> at Samba's libsmb code the UserSessionKey calculation described in
> Eric Glass' NTLM doc is completely different. I'm getting the feeling
> that SMB just uses its own rules (as usual).
You might take a look at the MS docs too. From memory the first 16
bytes of the Kerberos session key are used.
-- Luke