Regarding AUTH_CRAP and NTLMv2
Narendra Kumar S.S
ssnkumar at gmail.com
Mon Jan 17 02:53:45 MST 2011
Hi,
I am trying to write a program that does AUTH_CRAP and gets the
session key.
With NTLMv1, the AUTH_CRAP gets a successful response and can get the
session key.
But, with NTLMv2, the AUTH_CRAP fails.
For doing this experiment, my setup is like this.
1. I have a Windows 2003R2 server with AD/DC.
2. I am running winbindd on my Ubuntu box and execute smbclient from
there.
3. I capture the network trace and copy the challenge, lm response, nt
response, encrypted password, username, domainname and workstation name.
I am putting all this info in the request packet and sending it to
winbindd - this is done from a third computer running CentOS 5.4 (this m/c
has also joined the domain using net ads join and is running winbindd).
If the nt response is of length 24 (that is NTLMv1), the AUTH_CRAP
returns a success.
If the nt response is greater than 24 (that is NTLMv2), the AUTH_CRAP
returns a failure.
So, does the Windows 2003R2 server expect any information other than
the things that I am sending?
How can NTLMv2 fail, while NTLMv1 succeeds!?
Warm Regards,
Narendra
Visit my blogs at:
http://ssnarendrakumar.blogspot.com/
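Added example (not part of the original post and not Samba code): the post tells NTLMv1 from NTLMv2 by whether the NT response is 24 bytes or longer. The sketch below goes one step further and unpacks the longer form using the NTLMv2 client blob layout from MS-NLMP (16-byte proof, 28-byte header with a timestamp and client challenge, then AV pairs), so the contents of a captured response can be inspected. The function names and the sample bytes are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# MsvAv* identifiers whose values are UTF-16LE names (MS-NLMP AV_PAIR).
AV_TEXT = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
           4: "DnsDomainName", 5: "DnsTreeName", 9: "TargetName"}
BLOB_HDR = struct.Struct("<BBHIQ8sI")  # 28-byte fixed part of the client blob

def filetime_to_utc(ft):
    """Convert a Windows FILETIME (100 ns ticks since 1601) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def describe_nt_response(nt):
    """Classify an NT response by length and unpack the NTLMv2 fields."""
    if len(nt) == 24:
        return {"version": "NTLMv1"}
    if len(nt) < 16 + BLOB_HDR.size:
        raise ValueError("too short for an NTLMv2 response")
    blob = nt[16:]
    resp, hi_resp, _, _, ft, client_chal, _ = BLOB_HDR.unpack_from(blob)
    if (resp, hi_resp) != (1, 1):
        raise ValueError("unexpected blob signature")
    pairs, off = [], BLOB_HDR.size
    while True:
        if off + 4 > len(blob):
            raise ValueError("AV pair list is not terminated")
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:  # MsvAvEOL ends the list
            break
        value = blob[off:off + av_len]
        if len(value) != av_len:
            raise ValueError("truncated AV pair")
        off += av_len
        name = AV_TEXT.get(av_id)
        pairs.append((name, value.decode("utf-16-le")) if name else (av_id, value.hex()))
    return {"version": "NTLMv2", "nt_proof": nt[:16].hex(),
            "timestamp": filetime_to_utc(ft), "client_challenge": client_chal.hex(),
            "target_info": pairs}

def constructed_sample():
    """Constructed NTLMv2-shaped response; the 16-byte proof is all zeros."""
    av = b""
    for av_id, text in ((2, "EXAMPLE"), (1, "DC01")):  # hypothetical names
        raw = text.encode("utf-16-le")
        av += struct.pack("<HH", av_id, len(raw)) + raw
    av += struct.pack("<HH", 0, 0)
    ft = 116444736000000000 + 1295258025 * 10_000_000  # 2011-01-17 09:53:45 UTC
    return bytes(16) + BLOB_HDR.pack(1, 1, 0, 0, ft, bytes(range(8)), 0) + av

if __name__ == "__main__":
    print(describe_nt_response(constructed_sample()))
```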