[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8
Shirish Pargaonkar
shirishpargaonkar at gmail.com
Thu Jul 1 11:22:35 MDT 2010
On Mon, Jun 28, 2010 at 6:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Mon, 2010-06-28 at 17:47 -0500, Shirish Pargaonkar wrote:
>
>> When I look at Windows - Windows smb2 traces, the (16 bytes) signature
>> looks nothing like
>> version (which is 1), ciphertext of 8 bytes of hmac-md5, sequence number
>
> SMB2 SMB Signing does not use the NTLMSSP packet signing algorithm.
> Instead, like SMB, it takes the session key already calculated and
> applies a unique-to-SMB2 algorithm to it. This involves sha256 I
> think.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
>
I have had luck with some kernel crypto apis while working on this code.
I have been able to use arc4 and md5 hash apis successfully while
not being able to figure out hmac-md5 apis and I had not even
looked at sha, which I will.
What is confusing to me is, current cifs code using ntlmv2 within
ntlmssp authenticates and signs against Windows 2003 server
successfully/
But it does not against Windows 7 and Windows 2008 (I do not have
a Windows Vista installation). I am currently changing to code and
I am sure I would be able to authenticate using ntlmv2 within ntlmssp.
singing is what is confusing.
With smb2 client also, I can authenticate against Windows 7 and
Windows 2008 but signing fails.
So I am confused about what algorithm to use for cifs to sign
against Windows 7 and Windows 2008 server for ntlmv2 within ntlmssp
and what algorithm to use for smb2 to sign against a Windows 7
and Windows 2008 server for ntlmv2 within ntlmssp.
I have been reading and following MS-NLMP and
http://davenport.sourceforge.net/ntlm.html
More information about the samba-technical
mailing list