[Patch] Support for LDAP with GSSAPI/NTLMSSP auth scheme decoding in wireshark

Stefan (metze) Metzmacher metze at samba.org
Wed Apr 29 09:47:05 GMT 2009

Matthieu Patou schrieb:
> On 04/28/2009 06:01 PM, Stefan (metze) Metzmacher wrote:
>> Stefan (metze) Metzmacher schrieb:
>>> Hi Matthieu,
>>>> I finally finished my patch to support NTLMSSP auth in LDAP.
>>>> As metze proposed I add the option that read all the keytab that were
>>>> provided, and try all the encoded password inside it.
>>>> It seems to work quite well, I tried with a few keytab generated for
>>>> pure "traditional" LDAP with kerberos auth and I've been able to decode
>>>> (well if the keytab contains the md4(password) of the user trying to
>>>> authenticate himself).
>>>> I'm quite surprised that when "extracting" crypted password in a keytab
>>>> they are only stored by using md4(unicode(password))) even if we ask
>>>> keytab to use arc4_hmac (but I'm far from being well aware of all in
>>>> kerberos ...).
>>>> Concerning protocols, I tested NTLM v1 and NTLM v2, for NTLM v1 I
>>>> tested
>>>> mostly with extended security flags so for less secure (and maybe not
>>>> anymore really used ?) scheme (like pure lan manager auth or simple nt
>>>> auth) problems might still exist.
>>>> It would be just great if you can provide me some feedback, in anycase
>>>> my goal is to submit it to wireshark devs soon.
>>> Thanks! I'll give it a try in the next days.
>> Would it be possible that you base this patch on wiresharks trunk?
> You mean ?

Sorry, I was just to stupid to apply the patch,
I'm testing it now...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090429/42ae61db/signature.bin

More information about the samba-technical mailing list