question regarding NTLM authentication

Murali Bashyam mbcoder at gmail.com
Tue May 23 22:48:11 GMT 2006


On 5/23/06, Stefan (metze) Metzmacher <metze at samba.org> wrote:
>
> Murali Bashyam schrieb:
> > I am investigating the samba4.0 code to see if it can act as an
> > authentication proxy device sitting in the middle between a CIFS client and
> > server. It performs pass-through NTLM authentication with the CIFS client (
> > i.e. samba machine as a server,
>
> I think we don't have pass-through auth working fully in samba4 yet.
>
> > talking to the NT domain controller), and
> > next turning around acting on behalf of that logged in user as a client
> > towards the actual CIFS server.
> >
> > Is there any way to accomplish this in the samba4.0 code base? If so, can
> > someone point me to the relevant code?
>
> you should look at ntvfs/cifs/
>
> it provides a file share and proxies requests to another server.
> but there're some issues with multiple SMB sessions on one SMB tree
> connect.



I understand the code in ntvfs/cifs from a filesystem point of view, i.e.
being able to do open/read/write/close CIFS operations and beyond. From an
authentication point of view, can we also proxy the negprot and session
setup requests to another server in an async manner, i.e. make the samba
machine transparent to the NTLM authentication? I didn't see this kind of
code in that directory, but maybe I missed something there.

Alternatively, can we use the SAMLogon protocol (MS-RPC based) to obtain the
NThash of the password of the logged in user, and then use that to
participate in the NTLM challenge/response towards the actual server? We can
assume that the machine running samba is a trusted machine in that domain
etc.

Murali

> but you should play with it a bit...
>
> metze
>
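
The two options raised in this message, as an added example that is not part of the original post and is not Samba code: it shows why an NTLM response is bound to one server challenge, so a middle box must either forward the back-end server's challenge to the client or hold the NT hash itself. It assumes NTLMv2 as defined in MS-NLMP; the NT hash, challenges, client blob, user and domain are all constructed sample values.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5 keyed with the NT hash (MS-NLMP NTOWFv2)."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def ntlmv2_response(nt_hash: bytes, user: str, domain: str,
                    server_challenge: bytes, client_blob: bytes) -> bytes:
    """Response sent by a party that holds the NT hash: NTProofStr + blob."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return proof + client_blob

def verify_ntlmv2(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, response: bytes) -> bool:
    """Account-database side check, given only the challenge and the response."""
    if len(server_challenge) != 8 or len(response) < 16:
        return False
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

# Constructed sample values (not from the thread, not real credentials).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
PROXY_CHALLENGE = bytes.fromhex("0102030405060708")    # issued by the middle box
BACKEND_CHALLENGE = bytes.fromhex("a1a2a3a4a5a6a7a8")  # issued by the real server
CLIENT_BLOB = b"constructed-client-blob"               # stands in for the NTLMv2 blob

def demo():
    """Return (valid for proxy's challenge, valid for back-end's challenge)."""
    resp = ntlmv2_response(NT_HASH, "alice", "EXAMPLE", PROXY_CHALLENGE, CLIENT_BLOB)
    ok_proxy = verify_ntlmv2(NT_HASH, "alice", "EXAMPLE", PROXY_CHALLENGE, resp)
    ok_backend = verify_ntlmv2(NT_HASH, "alice", "EXAMPLE", BACKEND_CHALLENGE, resp)
    return ok_proxy, ok_backend

if __name__ == "__main__":
    print(demo())
```

The response the client computed for the middle box's own challenge does not verify against the back-end server's challenge, which is why the message asks about proxying negprot and session setup or, alternatively, about holding the NT hash.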


More information about the samba-technical mailing list