Fwd: [PATCH] cifs: Fix broken sec=ntlmv2/i sec mount option for Samba server
Shirish Pargaonkar
shirishpargaonkar at gmail.com
Wed Aug 24 19:39:27 MDT 2011
On Tue, Aug 23, 2011 at 11:34 PM, Christopher R. Hertel <crh at samba.org> wrote:
> The official explanation of what actually goes in those blobs and how the
> information is handled wasn't available until roughly 2 years ago, and it's
> buried in dense verbiage. My guess is that no one has had time nor cause to
> review NTLMv2 blob handling--which is now somewhat outdated--since the
> documentation finally became available.
>
> Note also that Microsoft uses very different terminology than we do. I
> think most of the names we use are from the work Eric Glass did as part of
> Davenport (which is still cited as expert information).
>
> Microsoft (Obaid) has posted two blog entries, the first of which is a
> mapping from Eric's :
>
> https://blogs.msdn.com/b/openspecification/archive/2010/11/15/ntlm-terminology-ms-nlmp-vs-http-davenport-sourceforge-net-ntlm-html.aspx
> https://blogs.msdn.com/b/openspecification/archive/2010/04/20/ntlm-keys-and-sundry-stuff.aspx
>
> Jeremy Allison wrote:
>> On Tue, Aug 23, 2011 at 08:41:12PM -0500, Steve French wrote:
>>> Wonder why we had the time in that field if Samba doesn't accept it
>>> but Windows does - is this a server bug?
>>
>> Maybe - can you send a debug level 10 log when the server
>> fails to accept your blob so we can see why ?
>>
>> Thanks,
>>
>> Jeremy.
>
> --
> "Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
> Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
> jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
> ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
> OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
In MS-NTLM document, in 3.3.2,
>Define ComputeResponse(NegFlg, ResponseKeyNT, ResponseKeyLM, CHALLENGE_MESSAGE.ServerChallenge, ClientChallenge, Time, ServerName) as
Set temp to ConcatenationOf(Responserversion, HiResponserversion,
Z(6), Time, ClientChallenge, Z(4), ServerName, Z(4))
I think this is the blob part. Not sure where/how/which av pairs figure in.
Regards,
Shirish
More information about the samba-technical
mailing list