Check out Chris' book - http://www.ubiqx.org/cifs/SMB.html#SMB.8.5
He's got a great explanation of what we observed while looking at a few captures. Also, if you have a capture of the response, I'd love to take a look at it - there are a few bytes that are still unknown.

Vance Lankhaar

On Wed, 2003-01-29 at 19:57, Joey Collins wrote:
> Good evening folks,
>
> I have a WIN2K system and I am failing to authenticate to a Samba 2.2
> installation, which I suspect is due to the weird length of Unicode
> password length in the SessionSetupAndX message. Here is my
> circumstance.
>
> On my W2K machine:
> -Run the secpol.msc management plug-in thingie.
> -Click "Local Policies"
> -Click "Security Options"
> -In the right pane, look for "LAN Manager Authentication Level"
> -Double click on this.
> -In the pull-down, set it to "Send NTLMv2 response only"
> -Commit that change.
> -Now, connect to the Samba machine.
>
> The ANSI password length in the SessionSetupAndX is 24, but in my case
> the Unicode Password Length is 78 (this is according to the latest &
> greatest ethereal built from sources yesterday).
>
> When I change the setting in "LAN Manager Authentication Level" back to
> the default, I can connect to Samba 2.2 using the same creds.
>
> I tried this on a W2K -> W2K setup (not active directory) and the same
> trace occurs, but this time, the Unicode password length was 66 (it was
> a different account/password)!
>
> Anyone else see this? Does anyone know how the binary response of 78
> bytes is created? Lots of zeros, it does not appear to be ASN.1
>
> Have a great night,
>
> Joey.
