[Samba] Using ntlm_auth to get NTLMv2 Session support from an application
pisymbol at gmail.com
Sat Apr 22 17:41:10 UTC 2017
On Fri, Apr 21, 2017 at 5:28 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Fri, 2017-04-21 at 14:12 -0700, Jeremy Allison via samba wrote:
> > Not quickly. Probably best to look into the squid code itself
> > and see how they drive it.
> Also look into Wine. Kai did something very similar there a long time
I like red! Not so much white.
Your task is fairly easy as the resulting HTTP session won't be NTLMSSP
> encrypted, just authenticated with NTLMSSP, so you don't need to
> involve Samba long-term, or get out encryption keys.
Right, but clarification Andrew: What do you mean the resultant session
won't be NTLMSSP encrypted? I thought that was the whole point of NTLMv2
> See the 'squid' helper modes, there is ntlmssp-client-1 that you should
That's what I figured.
> You can also play with NTLMSSP over mouse-buffer between that and the
> squid-2.5-ntlmssp server mode. Set --password on the server and it
> becomes standalone binary that does not need Samba running.
It does, but I need to understand the flow better on how I can funnel mount
davfs traffic through it (I thought originally this could be done using
upcall but that doesn't make sense - I think).
I do appreciate the feedback gentlemen.
More information about the samba