[Samba] NTLM protocol question

Markus Moeller huaraz at moeller.plus.com
Sat Nov 24 20:51:07 UTC 2018 

Hi Samba team,

    Could someone point me to a documentation which describes which NTLM flag combination in type 1 & 2 create which type 3 response. As far as I read MS has the following client/DC configuration combinations.

      Send LM & NTLM responses Clients use LM and NTLM authentication, and never use NTLMv2 session security;  
     DCs accept LM, NTLM, and NTLMv2 authentication. 
      Send LM & NTLM - use NTLMv2 session security if negotiated Clients use LM and NTLM authentication, and use NTLMv2 session security if server supports it; 
     DCs accept LM, NTLM, and NTLMv2 authentication. 
      Send NTLM response only Clients use NTLM authentication only, and use NTLMv2 session security if server supports it;  
     DCs accept LM, NTLM, and NTLMv2 authentication. 
      Send NTLMv2 response only Clients use NTLMv2 authentication only, and use NTLMv2 session security if server supports it;  
     DCs accept LM, NTLM, and NTLMv2 authentication. 
      Send NTLMv2 response only\refuse LM Clients use NTLMv2 authentication only, and use NTLMv2 session security if server supports it;  
     DCs refuse LM (accept only NTLM and NTLMv2 authentication). 
      Send NTLMv2 response only\refuse LM & NTLM Clients use NTLMv2 authentication only, and use NTLMv2 session security if server supports it;  
     DCs refuse LM and NTLM (accept only NTLMv2 authentication). 



but I can’t find a clear relation to the flags used during the NTLM type 1 & 2 exchange e.g. which of the flags need to be set in type 2 in particular to determine the response in type 3.

e.g. does DCs refuse LM (accept only NTLM and NTLMv2 authentication). mean Negotiate Lan Manager Key = 0, Negotiate NTLM key = 1 and Negotiate Extended Security = 1 
     
      Negotiate 56 
      Negotiate Key Exchange 
      Negotiate 128 
      Negotiate 0x10000000 
      Negotiate 0x08000000 
      Negotiate 0x04000000 
      Negotiate Version 
      Negotiate 0x01000000 
      Negotiate Target Info 
      Request Non-NT Session 
      Negotiate 0x00200000 
      Negotiate Identify 
      Negotiate Extended Security 
      Target Type Share 
      Target Type Server 
      Target Type Domain 
      Negotiate Always Sign 
      Negotiate 0x00004000 
      Negotiate OEM Workstation Supplied 
      Negotiate OEM Domain Supplied 
      Negotiate Anonymous 
      Negotiate NT Only 
      Negotiate NTLM key 
      Negotiate 0x00000100 
      Negotiate Lan Manager Key 
      Negotiate Datagram 
      Negotiate Seal 
      Negotiate Sign 
      Request 0x00000008 
      Request Target 
      Negotiate OEM 
      Negotiate UNICODE 



Thank you 
Markus

More information about the samba mailing list