This is a discussion on Re: Question on ntlm_auth tool - Samba ; Hi Andrew, Thanks for your clarifications! I think I now understand it much better. So if the ntlm_auth tool is enhanced to return the group information, would= =20 it be just a list of SIDs or it could be the ...
Thanks for your clarifications! I think I now understand it much better.
So if the ntlm_auth tool is enhanced to return the group information, would=
it be just a list of SIDs or it could be the actual group names? If it will=
be SIDs, do we need to query the domain controllers for the groupnames, or=
Samba has other API we can use to do the conversion?
At 09:13 AM 9/14/2004 +1000, Andrew Bartlett wrote:
>On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
> > Hi Andrew,
> > I still have some doubt about the ntlm_auth tool, sorry for posting so
> > many questions. Could you please clarify them for me?
> > 1) I see ntlm_auth has option to specify the NT/LM responses to get user
> > authenticated. But if we don't parse the handshakes, but just handover
> > to ntlm_auth tool, we won't even know which user we are authenticating.
>This is for use in different protocols, such as MSCHAP (used in PPP),
>where we are given the username, NT and LM responses separately. This
>is not the case for the 'blob' based form of NTLMSSP we find in HTTP.
> > So we still need to do some parsing to get username, domain, type of
> > message, etc, right? Or anything after "Proxy Authorization: NTLM "
> > should be passed to ntlm_auth? I am a little confused.
>Have a read of:
>You will see that when ntlm_auth is finished, it will tell you which
>user was authenticated.
> > 2) When you say "blob", is the encoded string inside the authentication
> > header you are referring to? Is there any document about NTLMSSP that I
> > should read to understand it better? The only thing I found right now is
> > from Microsoft site:
> > "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
> > is a security support provider that is available on all versions of
> > DCOM. It uses the Microsoft=C2=AE Windows NT=C2=AE LAN Manager (NTLM)=
> > authentication."
>There is actually quite a bit of information about NTLMSSP around -
>start with http://davenport.sf.net/ntlm.html and then read the
>Andrew Bartlett firstname.lastname@example.org
>Authentication Developer, Samba Team http://samba.org
>Student Network Administrator, Hawker College email@example.com