[Samba] Using ntlm_auth to get NTLMv2 Session support from an application

Jeremy Allison jra at samba.org
Wed Apr 19 17:08:53 UTC 2017


On Wed, Apr 19, 2017 at 11:03:34AM -0400, pisymbol . via samba wrote:
> Hello:
> 
> As many of you already probably know, the neon library is the workhorse for
> davfs support.
> 
> However, right now, the current version of libneon has very limited support
> for NTLM, particularly NTLMv2, both on the challenge/authentication side as
> well as handling NTLMv2 Session Security.
> 
> There is a patch somewhere to add NTLMv2 authentication support natively
> but there is zero support for NTLMv2 session security. What this means is
> that if you try to mount a share using davfs and the server in question
> requires 128-bit session security, libneon fails to negotiate and the mount
> fails. I have at least one enterprise customer who relies on NTLMv2
> exclusively (despite the fact the world has moved on to HTTPS).
> 
> Is there a way to hook up the "ntlm_auth" utility to do the heavy lifting
> of authenticating/creating NTLMv2 sessions in order to mount using davfs?
> 
> I realize I maybe barking up the wrong tree, but I am trying to come up
> with a way to leverage Samba's already robust support for Windows
> authentication without having to duplicate the effort within libneon and
> friends (I am not the maintainer but I do have an urgent desire to mount
> Sharepoint shares using davfs via NTLMv2 session security).
> 
> Any insight, feedback into this issue would be much appreciated.

The squid program does this. Maybe look into the code they
use for their integration ?

http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm



More information about the samba mailing list