[Samba] NTLMv1 v. NTLMv2 ; more than one "identity" on a TCP
connection
Simo Sorce
idra at samba.org
Tue Dec 31 09:44:00 GMT 2002
On Tue, 2002-12-31 at 05:21, Joey Collins wrote:
> Hello,
> Two questions for you this evening.
>
> How do you tell the difference between NTLMv1-style authentication and
> NTLMv2 style? The CIFS dialect NT LM 0.12 does both(?), so does not
> appear in the NegProtRequest message (nor in the flags, near as I could
> tell). Do you ascertain this by examining the SessionSetupAndX
> message? If so, what parts?
I let andrew answer NTLM related questions :)
> Is it possible to have more than one CIFS "identity" on a TCP
> connection? For example, say I open a TCP connection, authenticate
> myself using NegProt/SessionSetupAndX/etc exchanges as user "foo"
> password "bar", can I also establish another identity (i.e., do another
> SessionSetupAndX exchange?) say, "hello" password "world" on the _same_
> TCP connection?
Yes it is possible, and it is what terminal servers do by default.
> This seems to be enforced on the client-side because if
> you try to connect to a share on a computer using a different identity,
> it complains saying already connected. But, nothing comes over the
> wire, so it is purely a client-internal decision.
This is a really stupid client issue.
In my opinion a password caching issue in that it seem a win client
associate a password with a machine name. I tried successfully to
connect to the same machine with 2 identities using netbios name in
first connection and ip number on the second (not sure it works on all
MS OSs).
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba
mailing list