[Samba] Using ntlm_auth to get NTLMv2 Session support from an application
Jeremy Allison
jra at samba.org
Wed Apr 19 17:08:53 UTC 2017
On Wed, Apr 19, 2017 at 11:03:34AM -0400, pisymbol . via samba wrote:
> Hello:
>
> As many of you already probably know, the neon library is the workhorse for
> davfs support.
>
> However, right now, the current version of libneon has very limited support
> for NTLM, particularly NTLMv2, both on the challenge/authentication side as
> well as handling NTLMv2 Session Security.
>
> There is a patch somewhere to add NTLMv2 authentication support natively
> but there is zero support for NTLMv2 session security. What this means is
> that if you try to mount a share using davfs and the server in question
> requires 128-bit session security, libneon fails to negotiate and the mount
> fails. I have at least one enterprise customer who relies on NTLMv2
> exclusively (despite the fact the world has moved on to HTTPS).
>
> Is there a way to hook up the "ntlm_auth" utility to do the heavy lifting
> of authenticating/creating NTLMv2 sessions in order to mount using davfs?
>
> I realize I maybe barking up the wrong tree, but I am trying to come up
> with a way to leverage Samba's already robust support for Windows
> authentication without having to duplicate the effort within libneon and
> friends (I am not the maintainer but I do have an urgent desire to mount
> Sharepoint shares using davfs via NTLMv2 session security).
>
> Any insight, feedback into this issue would be much appreciated.
The squid program does this. Maybe look into the code they
use for their integration ?
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
More information about the samba
mailing list