Andrew Bartlett abartlet at pcug.org.au
Mon Apr 8 07:22:04 GMT 2002

Lev Serebryakov wrote:
> Hello Andrew,
> Monday, April 08, 2002, 4:19:48 PM, you wrote:
>   Sorry, sent the previous message too fast :)
> AB> The best way (particularly given the GPL nature of all open-source SMB
> AB> implementations on Unix) is to use winbindd.  Winbind has a command that
> AB> can allow you to specify both the challenge and the response and to
> AB> forward these to a remote domain controller.
>    I think I'll look at the winbindd code. I don't think it is so hard
>    to implement :)

Its best incarnation is in HEAD CVS on pserver.samba.org.  

wbinfo is a good sample client.

> AB> BTW, what is your NTLM module implementing?  NTLMSSP?  I know of 3
> AB> existing implementations of this - we need to get these together if at
> AB> all possible - the current situation is just silly.
>   What implementations do you know? I've tried to find "NTLM
>   {plugin|mechanism} for SASL" with Google, and could not find any --
>   only words about ``how it is great to have plugins -- we could write
>   any mechanism, even this evil NTLM'' and others like this.



Samba's 2 internal versions

I think there is something in fetchmail (client)

The problem is that NTLMSSP isn't as simple as it looks.  There are a
myriad of options and flags.  Users can send you both LM and/or NT
passwords, and we don't even know how to get NTLMv2 talking properly.
Users can request sign/seal and a pile of other stuff too.  

MS puts NTLMSSP over almost everything - that's because they have a
simple NTLMSSP engine in one spot, we need to match them.  This is one
of the pet issues of Luke Leighton.  See my various discussions with him
in the archives.

Andrew Bartlett
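
The options the message above mentions (LM and/or NT responses, NTLMv2, sign/seal flags) are all visible in the NTLMSSP AUTHENTICATE (type 3) message. The parser below is an added example, not part of the original post or of Samba's code; the flag values and field offsets follow Microsoft's later MS-NLMP specification, and `build_sample` and its inputs are constructed for illustration.

```python
import struct

# Subset of NTLMSSP negotiate flags (values as published in MS-NLMP).
FLAGS = {
    0x00000001: "UNICODE", 0x00000002: "OEM",
    0x00000010: "SIGN", 0x00000020: "SEAL",
    0x00000080: "LM_KEY", 0x00000200: "NTLM",
    0x00008000: "ALWAYS_SIGN", 0x00080000: "EXTENDED_SESSIONSECURITY",
    0x20000000: "128", 0x40000000: "KEY_EXCH", 0x80000000: "56",
}

def _field(msg, off):
    """Read a (len, maxlen, offset) security buffer and return its payload."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def parse_authenticate(msg):
    """Summarise which responses and options a type 3 message carries."""
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\0":
        raise ValueError("not an NTLMSSP message with a flags field")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE message")
    lm, nt = _field(msg, 12), _field(msg, 20)
    flags = struct.unpack_from("<I", msg, 60)[0]
    return {
        "lm_len": len(lm),
        "nt_len": len(nt),
        # An NTLMv2 response is a 16-byte proof plus a variable blob,
        # so it is longer than the fixed 24-byte NTLM response.
        "ntlmv2_shaped": len(nt) > 24,
        "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
    }

def build_sample(lm, nt, flags):
    """Constructed type 3 message: 64-byte header, then LM and NT payloads."""
    hdr = bytearray(b"NTLMSSP\0" + struct.pack("<I", 3) + bytes(52))
    off = 64
    for pos, data in ((12, lm), (20, nt)):
        struct.pack_into("<HHI", hdr, pos, len(data), len(data), off)
        off += len(data)
    struct.pack_into("<I", hdr, 60, flags)
    return bytes(hdr) + lm + nt

if __name__ == "__main__":
    # Constructed input: 24-byte LM and NT responses, UNICODE|SIGN|SEAL|NTLM.
    print(parse_authenticate(build_sample(bytes(24), bytes(24), 0x00000231)))
```

A 24-byte LM field does not by itself identify a classic LM response, since LMv2 responses are the same length; the summary reports lengths rather than guessing.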

