moore chestnut moore.43132 at gmail.com
Thu Jun 25 00:08:31 UTC 2020


I have been testing with ntlm auth and winbind and would like to confirm if
NTLMv2 responses which are extended in nature are expected to work via
ntlm_auth or via the NetrLogonSamLogonEx method in general.

By extended I mean including a long list of attributes such as domain
name, computer name, DNS details for the DC and then probably some of the more
interesting ones in relation to timestamp, flags, restrictions, channel
bindings and target name, which are negotiated based on the flags during the
NTLM handshake.

I have cases passing that are NTLMv2 responses but only the domain name
attribute would be included along with the blob.

I am simply using:
/usr/local/samba/bin/ntlm_auth --username=user1 --challenge=HEXSTRING
--lm-response=HEXSTRING --nt-response=HEXSTRING

I'm not sure what the restrictions attribute is, but what about channel
bindings, for example? Is that enforced or ignored on the AD DC when the
method used is NetrLogonSamLogonEx? Or is it likely to be something else?

Happy to share more details if required and would appreciate any advice.

Thank you.
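A quick way to see which of those attributes a given --nt-response hex string actually carries, before asking why a DC accepts or rejects it, is to decode the AV_PAIR list inside the NTLMv2_RESPONSE. The following parser is an added example for this thread, not code from the poster or from Samba: it follows the layout in MS-NLMP (16-byte NTProofStr, then the NTLMv2_CLIENT_CHALLENGE header, then AV_PAIRs terminated by MsvAvEOL), decodes the string, flags and timestamp pairs, and reports which "extended" pairs are present. The domain name, host names, SPN, client challenge and timestamp in the sample blob are constructed values, the NTProofStr is a dummy, and nothing here verifies the proof or models what the DC enforces; it only shows what the client put in the response.

```python
import struct
from datetime import datetime, timedelta, timezone

# AvId values from MS-NLMP section 2.2.2.1 (AV_PAIR).
AV_IDS = {
    0x0000: "MsvAvEOL", 0x0001: "MsvAvNbComputerName", 0x0002: "MsvAvNbDomainName",
    0x0003: "MsvAvDnsComputerName", 0x0004: "MsvAvDnsDomainName", 0x0005: "MsvAvDnsTreeName",
    0x0006: "MsvAvFlags", 0x0007: "MsvAvTimestamp", 0x0008: "MsvAvSingleHost",
    0x0009: "MsvAvTargetName", 0x000A: "MsvAvChannelBindings",
}
UNICODE_IDS = {0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0009}  # values are UTF-16LE strings
AV_FLAG_MIC_PRESENT = 0x2  # MsvAvFlags bit: the AUTHENTICATE_MESSAGE carries a MIC
# What the post calls "extended": everything beyond the plain name pairs.
EXTENDED = ("MsvAvFlags", "MsvAvTimestamp", "MsvAvSingleHost", "MsvAvTargetName", "MsvAvChannelBindings")
# NTLMv2_CLIENT_CHALLENGE fixed header: RespType, HiRespType, Reserved1, Reserved2,
# TimeStamp (FILETIME), ChallengeFromClient (8 bytes), Reserved3.
TEMP_HEADER = "<BBHIQ8sI"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SAMPLE_FILETIME = 132375168000000000  # constructed: 2020-06-25 00:00:00 UTC

def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def decode_av(av_id, value):
    """One AV_PAIR as a (name, decoded value) tuple; opaque values stay hex."""
    name = AV_IDS.get(av_id, "Unknown(0x%04x)" % av_id)
    if av_id in UNICODE_IDS:
        return name, value.decode("utf-16-le")
    if av_id == 0x0006:
        return name, struct.unpack("<I", value)[0]
    if av_id == 0x0007:
        return name, filetime_to_datetime(struct.unpack("<Q", value)[0])
    return name, value.hex()  # MsvAvSingleHost, MsvAvChannelBindings, unknown ids

def parse_av_pairs(data, offset):
    """Walk AV_PAIRs until MsvAvEOL, refusing to read past the end of the blob."""
    pairs = []
    while True:
        if offset + 4 > len(data):
            raise ValueError("AV_PAIR list is truncated (no MsvAvEOL)")
        av_id, av_len = struct.unpack_from("<HH", data, offset)
        value = data[offset + 4:offset + 4 + av_len]
        if len(value) != av_len:
            raise ValueError("AV_PAIR value runs past the end of the blob")
        offset += 4 + av_len
        if av_id == 0x0000:
            return pairs, offset
        pairs.append(decode_av(av_id, value))

def parse_ntlmv2_response(blob):
    """Parse an NTLMv2_RESPONSE given as bytes or as the hex string ntlm_auth takes."""
    if isinstance(blob, str):
        blob = bytes.fromhex(blob)
    header_len = struct.calcsize(TEMP_HEADER)  # 28 bytes after the 16-byte NTProofStr
    if len(blob) < 16 + header_len:
        raise ValueError("blob too short for NTLMv2_RESPONSE")
    resp_type, hi_resp_type, _, _, ts, client_chal, _ = struct.unpack_from(TEMP_HEADER, blob, 16)
    if (resp_type, hi_resp_type) != (1, 1):
        raise ValueError("RespType/HiRespType are not 1: not an NTLMv2 response")
    pairs, _end = parse_av_pairs(blob, 16 + header_len)
    return {"nt_proof_str": blob[:16].hex(), "timestamp": filetime_to_datetime(ts),
            "client_challenge": client_chal.hex(), "av_pairs": pairs}

def extended_summary(parsed):
    """Which extended attributes are present, plus the two a checker looks at first."""
    av = dict(parsed["av_pairs"])
    cb = av.get("MsvAvChannelBindings")
    return {
        "extended_present": [n for n in EXTENDED if n in av],
        "mic_present": bool(av.get("MsvAvFlags", 0) & AV_FLAG_MIC_PRESENT),
        # All-zero bindings: the client sent the pair but had no TLS channel to bind to.
        "channel_bindings": None if cb is None else ("unbound" if cb == "00" * 16 else "bound"),
    }

def build_sample_blob(extended=True):
    """Constructed NTLMv2_RESPONSE (dummy NTProofStr, made-up names) for this example."""
    def av(av_id, value):
        return struct.pack("<HH", av_id, len(value)) + value
    def u(s):
        return s.encode("utf-16-le")
    pairs = [av(0x0002, u("EXAMPLE"))]  # the domain-only shape the post describes
    if extended:
        pairs += [av(0x0001, u("DC01")), av(0x0004, u("example.test")),
                  av(0x0003, u("dc01.example.test")),
                  av(0x0007, struct.pack("<Q", SAMPLE_FILETIME)),
                  av(0x0006, struct.pack("<I", AV_FLAG_MIC_PRESENT)),
                  av(0x0009, u("cifs/files.example.test")),
                  av(0x000A, bytes(16))]
    pairs.append(av(0x0000, b""))
    temp = struct.pack(TEMP_HEADER, 1, 1, 0, 0, SAMPLE_FILETIME, bytes.fromhex("0011223344556677"), 0)
    return bytes(16) + temp + b"".join(pairs) + bytes(4)  # NTProofStr + temp + Reserved4

if __name__ == "__main__":
    for label in ("extended", "domain-only"):
        parsed = parse_ntlmv2_response(build_sample_blob(label == "extended").hex())
        print(label, parsed["av_pairs"], extended_summary(parsed))
```

To inspect a real case, pass the same hex string given to --nt-response to parse_ntlmv2_response and compare the extended_summary of a passing case against a failing one; an all-zero MsvAvChannelBindings value and the MIC bit in MsvAvFlags are the first two differences worth looking for, since both change what a verifier is expected to check.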