[Samba] Using ntlm_auth to get NTLMv2 Session support from an application
Andrew Bartlett
abartlet at samba.org
Fri Apr 21 21:28:58 UTC 2017
On Fri, 2017-04-21 at 14:12 -0700, Jeremy Allison via samba wrote:
> On Wed, Apr 19, 2017 at 03:47:05PM -0400, pisymbol . wrote:
> > On Wed, Apr 19, 2017 at 1:08 PM, Jeremy Allison <jra at samba.org> wrote:
> > >
> > > > Any insight, feedback into this issue would be much appreciated.
> > >
> > > The squid program does this. Maybe look into the code they
> > > use for their integration ?
> > >
> > > http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
> >
> >
> > Jeremy, thanks! That's exactly what I was looking at.
> >
> > So here's a better question: Can you give me a brief technical explanation
> > on how this exactly works with respect to establishing a session? The goal
> > is basically to have mount.davfs first establish an NTLMv2 session (using
> > 128-bit encryption) and then be able to access files through it using
> > standard filesystem calls.
>
> Not quickly. Probably best to look into the squid code itself
> and see how they drive it.

Also look into Wine. Kai did something very similar there a long time
ago.

Your task is fairly easy as the resulting HTTP session won't be NTLMSSP
encrypted, just authenticated with NTLMSSP, so you don't need to
involve Samba long-term, or get out encryption keys.

See the 'squid' helper modes, there is ntlmssp-client-1 that you should
use.

You can also play with NTLMSSP over mouse-buffer between that and the
squid-2.5-ntlmssp server mode. Set --password on the server and it
becomes a standalone binary that does not need Samba running.

I hope this helps,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
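
Added example, not part of the message above and not Samba, squid or Wine code: a minimal Python driver for a client helper of the kind described, turning its line-based replies into the `Authorization` header values an HTTP client sends during NTLM authentication. The verbs (`PW`, `YR`, `TT`, `KK`/`AF`) and the `ntlm_auth` command line shown in the comment are assumptions to check against your ntlm_auth version; the stub helper and its tokens are constructed so the code runs without Samba.

```python
import base64
import subprocess
import sys

# Constructed stand-in for the helper so this runs offline; its tokens are fake. A real run would
# pass e.g. ["ntlm_auth", "--helper-protocol=ntlmssp-client-1", "--username=USER", "--domain=DOMAIN"].
STUB_ARGV = [sys.executable, "-c", r'''
import sys, base64
have_pw = False
for line in sys.stdin:
    verb, _, arg = line.strip().partition(" ")
    if verb == "PW" and arg: have_pw, out = True, "OK"
    elif not have_pw: out = "PW"
    elif verb == "YR": out = "YR " + base64.b64encode(b"NEGOTIATE").decode()
    elif verb == "TT": out = "AF " + base64.b64encode(b"AUTH/" + base64.b64decode(arg)).decode()
    else: out = "BH unexpected"
    print(out, flush=True)
''']

class NtlmClientHelper:
    def __init__(self, argv, password):
        self.password = password
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, text=True)

    def _ask(self, line, expect):
        print(line, file=self.proc.stdin, flush=True)
        verb, _, arg = self.proc.stdout.readline().strip().partition(" ")
        if verb == "PW" and not line.startswith("PW "):
            # Helper wants the password: send it over the pipe, not argv, then retry.
            self._ask("PW " + base64.b64encode(self.password.encode()).decode(), ("OK",))
            return self._ask(line, expect)
        if verb not in expect:
            raise RuntimeError(f"helper replied {verb!r} to {line[:2]}")
        return arg

    def negotiate(self):
        # Value for the first Authorization header (NTLMSSP negotiate message).
        return "NTLM " + self._ask("YR", ("YR",))

    def authenticate(self, www_authenticate):
        # Takes the 401's WWW-Authenticate value, returns the final Authorization value.
        scheme, _, challenge = www_authenticate.strip().partition(" ")
        if scheme.upper() != "NTLM" or not challenge:
            raise ValueError("not an NTLM challenge")
        base64.b64decode(challenge, validate=True)  # reject malformed tokens early
        return "NTLM " + self._ask("TT " + challenge, ("KK", "AF"))

    def close(self):
        self.proc.communicate()  # closes stdin, drains stdout, waits for exit
```

Because the helper holds the NTLMSSP state only for the handshake, it can be closed once the server accepts the final header; the HTTP traffic that follows is authenticated but not encrypted by NTLMSSP.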