Hi

Thanks in advance.
I know my question below is not really related to Samba, but I'm really 
confused, and you guys are experts on Windows authentication. 
I really hope you have the patience to read this, and I'll appreciate any 
help.


I learned a lot from this post 
http://lists.samba.org/archive/jcifs/2008-October/008227.html.
I know that a "man in the middle" technique, like 'JCIFS NTLM HTTP 
Authentication Filter', will not work when using NTLMv2 and the only technique 
is using NetLogon. Am I right?
Besides, a 'TargetInfo' field is necessary to calculate the NTLMv2 response.


However, I've been reading some proxy code these days and did some tests on it.
It uses the MITM technique, that is to say, the proxy returns the challenge of 
the SMB server (win2003 AD) to the browser, just like what 'JCIFS NTLM HTTP 
Authentication Filter' does.
The proxy uses the 'SMB_COM_NEGOTIATE' and 'SMB_COM_SESSION_SETUP_ANDX' commands 
to communicate with the Windows AD.


The topology is like this:


browser-------------------proxy-------------------------win2003 AD


NTLMv1 works fine and makes sense indeed.


But I find that NTLMv2 works when using win2k3 AD, unexpectedly. This doesn't 
make sense.
Using Wireshark, I found that in 'Negotiate Flags', the 'Negotiate Target Info' 
field is not set, 
and the NTLMv2 response is like this:


NTLMv2 Response: D99AF0F6AE2B97.....
    HMAC: D99AF0F6AE2B97...
    Header: 0x00000101
    Reserved: 0x00000000
    Time: Feb 3, 2013 15:26:32.562500000
    Unknown: 0x00000000
    Name: NetBIOS domain name
        Name type: NetBIOS domain name(2)
        Name Len: 0
        Name:
    Name: End of list




The target info field just has one item with empty value...


This really confuses me. 
Is it a bug in win2k3 AD, and does it make use of the bug?


When I'm using win2k8 AD, NTLMv2 doesn't work. Win2k8 AD returns an 'Invalid 
Parameter' message in the 'SMB_COM_SESSION_SETUP_ANDX' response message.


BTW, the OS is win2k3 R2 Enterprise SP2 and win2k8 R2 Enterprise SP1.




Thanks again.




Derek.
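
The following is an added example, not part of the original post or of any project it mentions: a parser for the NTLMv2 response layout shown in the Wireshark dump above (HMAC, 0x0101 header, timestamp, client challenge, then the target-info name list), reporting whether any server name is actually present. The field layout follows the NTLMv2_CLIENT_CHALLENGE structure in MS-NLMP; the function names and the sample bytes (zeroed HMAC and client challenge, "EXAMPLE" domain) are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta

FILETIME_EPOCH = datetime(1601, 1, 1)
AV_IDS = {1: "MsvAvNbComputerName", 2: "MsvAvNbDomainName", 3: "MsvAvDnsComputerName",
          4: "MsvAvDnsDomainName", 5: "MsvAvDnsTreeName", 6: "MsvAvFlags", 7: "MsvAvTimestamp",
          8: "MsvAvSingleHost", 9: "MsvAvTargetName", 10: "MsvAvChannelBindings"}

def parse_ntlmv2_response(resp: bytes) -> dict:
    """Split an NTLMv2 response into the 16-byte HMAC and the blob fields."""
    if len(resp) < 16 + 28 + 4:
        raise ValueError("too short for an NTLMv2 response")
    hmac, blob = resp[:16], resp[16:]
    # RespType, HiRespType, Reserved1, Reserved2, TimeStamp, ClientChallenge, Reserved3
    rtype, hi_rtype, _, _, ticks, client_chal, _ = struct.unpack_from("<BBHIQ8sI", blob)
    if (rtype, hi_rtype) != (1, 1):
        raise ValueError("blob header is not 0x0101")
    pairs, off = [], 28
    while True:  # AV pairs: AvId (u16), AvLen (u16), value; AvId 0 ends the list
        if off + 4 > len(blob):
            raise ValueError("AV pair list has no MsvAvEOL terminator")
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:
            break
        if off + av_len > len(blob):
            raise ValueError("AV pair value overruns the blob")
        pairs.append((AV_IDS.get(av_id, f"unknown({av_id})"), blob[off:off + av_len]))
        off += av_len
    return {"hmac": hmac, "client_challenge": client_chal, "av_pairs": pairs,
            "time": FILETIME_EPOCH + timedelta(microseconds=ticks // 10)}

def carries_target_names(parsed: dict) -> bool:
    """True if any name AV pair (computer/domain/tree) has a non-empty value."""
    return any(name.startswith(("MsvAvNb", "MsvAvDns")) and value
               for name, value in parsed["av_pairs"])

def build_sample(av_pairs: bytes) -> bytes:
    """Constructed response: zeroed HMAC and client challenge, not captured data."""
    when = datetime(2013, 2, 3, 15, 26, 32, 562500)  # time shown in the post, taken as UTC
    ticks = ((when - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    blob = struct.pack("<BBHIQ8sI", 1, 1, 0, 0, ticks, bytes(8), 0)
    return bytes(16) + blob + av_pairs + struct.pack("<HH", 0, 0)

EMPTY_DOMAIN = struct.pack("<HH", 2, 0)  # as in the post: name type 2, Name Len 0
POPULATED = struct.pack("<HH", 2, 14) + "EXAMPLE".encode("utf-16-le")  # constructed name

for label, av in (("empty", EMPTY_DOMAIN), ("populated", POPULATED)):
    print(label, carries_target_names(parse_ntlmv2_response(build_sample(av))))
```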