[Samba] Using ntlm_auth to get NTLMv2 Session support from an application

pisymbol . pisymbol at gmail.com
Wed Apr 19 15:03:34 UTC 2017


As many of you already probably know, the neon library is the workhorse for
davfs support.

However, right now, the current version of libneon has very limited support
for NTLM, particularly NTLMv2, both on the challenge/authentication side as
well as handling NTLMv2 Session Security.

There is a patch somewhere to add NTLMv2 authentication support natively
but there is zero support for NTLMv2 session security. What this means is
that if you try to mount a share using davfs and the server in question
requires 128-bit session security, libneon fails to negotiate and the mount
fails. I have at least one enterprise customer who relies on NTLMv2
exclusively (despite the fact the world has moved on to HTTPS).

Is there a way to hook up the "ntlm_auth" utility to do the heavy lifting
of authenticating/creating NTLMv2 sessions in order to mount using davfs?

I realize I maybe barking up the wrong tree, but I am trying to come up
with a way to leverage Samba's already robust support for Windows
authentication without having to duplicate the effort within libneon and
friends (I am not the maintainer but I do have an urgent desire to mount
Sharepoint shares using davfs via NTLMv2 session security).

Any insight, feedback into this issue would be much appreciated.



PS Can anyone please explain to me why all the list mail's subjects are
always prepended with [Samba]? (I manually added it to be in vogue)

More information about the samba mailing list