Regarding AUTH_CRAP and NTLMv2
Andrew Bartlett
abartlet at samba.org
Mon Jan 17 04:21:45 MST 2011
On Mon, 2011-01-17 at 16:48 +0530, Narendra Kumar S.S wrote:
> Hi Andrew,
>
>
> Thanks very much for the quick response.
> So, that explains why the AUTH_CRAP with NTLMv2 response is
> failing!
>
>
> So, is there any way to overcome this?
The best way is to simply hold the full password database on your MITM
device. ie, run Samba4 and replicate in the passwords.
It may be possible to bypass the restriction by being a trusted domain,
rather than a member server. I've not tried this however.
> Or is it possible to change the computer name hidden in the nt
> response?
No, the response includes this value in the checksum.
> Or will this work, if I have a delegated user?
I'm not sure what you mean exactly.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list