[Patch] Support for LDAP with GSSAPI/NTLMSSP auth scheme decoding in wireshark

Matthieu Patou mat+Informatique.Samba at matws.net
Wed Apr 29 09:15:57 GMT 2009

On 04/28/2009 06:01 PM, Stefan (metze) Metzmacher wrote:
> Stefan (metze) Metzmacher schrieb:
>> Hi Matthieu,
>>> I finally finished my patch to support NTLMSSP auth in LDAP.
>>> As metze proposed I add the option that read all the keytab that were
>>> provided, and try all the encoded password inside it.
>>> It seems to work quite well, I tried with a few keytab generated for
>>> pure "traditional" LDAP with kerberos auth and I've been able to decode
>>> (well if the keytab contains the md4(password) of the user trying to
>>> authenticate himself).
>>> I'm quite surprised that when "extracting" crypted password in a keytab
>>> they are only stored by using md4(unicode(password))) even if we ask
>>> keytab to use arc4_hmac (but I'm far from being well aware of all in
>>> kerberos ...).
>>> Concerning protocols, I tested NTLM v1 and NTLM v2, for NTLM v1 I tested
>>> mostly with extended security flags so for less secure (and maybe not
>>> anymore really used ?) scheme (like pure lan manager auth or simple nt
>>> auth) problems might still exist.
>>> It would be just great if you can provide me some feedback, in anycase
>>> my goal is to submit it to wireshark devs soon.
>> Thanks! I'll give it a try in the next days.
> Would it be possible that you base this patch on wiresharks trunk?
You mean ?


More information about the samba-technical mailing list