Hi Andrew,

Sorry I have one more silly question on the ntlm_auth tool:

If the username is unicode, how would the tool output it?


Thanks!
Yimin


>Date: Wed, 15 Sep 2004 18:44:31 -0700
>To: Andrew Bartlett
>From: Yimin Chen
>Subject: Re: Question on ntlm_auth tool
>Cc: samba-technical@lists.samba.org
>Bcc: =83\Projects\Authentication
>
>Hi Andrew,
>
>Thanks for your clarifications! I think I now understand it much better.
>
>So if the ntlm_auth tool is enhanced to return the group information,=20
>would it be just a list of SIDs or it could be the actual group names? If=

=20
>it will be SIDs, do we need to query the domain controllers for the=20
>groupnames, or Samba has other API we can use to do the conversion?
>
>
>Thanks!
>Yimin
>
>
>At 09:13 AM 9/14/2004 +1000, Andrew Bartlett wrote:
>>On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
>> > Hi Andrew,
>> >
>> >
>> > I still have some doubt about the ntlm_auth tool, sorry for posting so
>> > many questions. Could you please clarify them for me?
>> >
>> >
>> > 1) I see ntlm_auth has option to specify the NT/LM responses to get=

user
>> > authenticated. But if we don't parse the handshakes, but just handover
>> > to ntlm_auth tool, we won't even know which user we are authenticating.

>>
>>This is for use in different protocols, such as MSCHAP (used in PPP),
>>where we are given the username, NT and LM responses separately. This
>>is not the case for the 'blob' based form of NTLMSSP we find in HTTP.
>>
>> > So we still need to do some parsing to get username, domain, type of
>> > message, etc, right? Or anything after "Proxy Authorization: NTLM "
>> > should be passed to ntlm_auth? I am a little confused.

>>
>>Have a read of:
>>
>>http://samba.org/ftp/unpacked/lorike..._ntlm_winbind/
>>
>>and
>>
>>http://samba.org/ftp/unpacked/lorikeet/trunk/patches/
>>
>>You will see that when ntlm_auth is finished, it will tell you which
>>user was authenticated.
>>
>> > 2) When you say "blob", is the encoded string inside the authentication
>> > header you are referring to? Is there any document about NTLMSSP that I
>> > should read to understand it better? The only thing I found right now=

is
>> > from Microsoft site:
>> >
>> > "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
>> > is a security support provider that is available on all versions of
>> > DCOM. It uses the Microsoft=C2=AE Windows NT=C2=AE LAN Manager (NTLM)=

protocol=20
>> for
>> > authentication."

>>
>>There is actually quite a bit of information about NTLMSSP around -
>>start with http://davenport.sf.net/ntlm.html and then read the
>>references.
>>
>>Andrew Bartlett
>>
>>--
>>Andrew Bartlett abartlet@samba.org
>>Authentication Developer, Samba Team http://samba.org
>>Student Network Administrator, Hawker College abartlet@hawkerc.net