Hello Max,
Thanks for providing the information that fast.
Some questions: the debug output shows lengths of 0 for username and
domain, was it manually removed from the debug output, or are these the
original lengths?
Other question: do you have a non-domain account that you could try
authenticating with? NTLMv2 is a bit different when using a non-domain
account vs a domain account, I'd like to see if the issue is limited to
domain accounts.
Most of the authentication completes successfully, but the server doesn't
like the AUTHENTICATE_MESSAGE which contains a bunch of cryptographic
responses.
Is there anything special with your server-side setup? Are you using
session redirection, etc?
Best regards,
- Marc-Andre
On Sun, Nov 20, 2011 at 4:05 PM, Max Nemo <max2...@list.ru> wrote:
> Hello Marc-André,
>
> Thank you for your quick response. The build was done with the following
> parameters:
>
> cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=~/Temp/frdp
> -DWITH_PCSC=ON -DWITH_DEBUG_NLA=ON .
>
> Here is the information you requested from the output (nothing was cut, as
> the test account and TS were used):
>
>
> loading plugin rdpdr
> connected to 192.168.190.118:3389
> negotiateFlags "0x60088235"{
> NTLMSSP_NEGOTIATE_56
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_OEM
> }
> NEGOTIATE_MESSAGE (length = 32)
> 0000 4e 54 4c 4d 53 53 50 00 01 00 00 00 35 82 08 60 NTLMSSP.....5..`
> 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>
> negotiateFlags "0x82356289"{
> NTLMSSP_NEGOTIATE_56
> NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> NTLMSSP_TARGET_TYPE_SERVER
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
> NTLMSSP_NEGOTIATE_DATAGRAM
> NTLMSSP_NEGOTIATE_UNICODE
> }
> targetName (length = 10, offset = 56)
> 0000 56 00 44 00 43 00 53 00 50 00 V.D.C.S.P.
>
> targetInfo (length = 180, offset = 66)
> 0000 02 00 0a 00 56 00 44 00 43 00 53 00 50 00 01 00 ....V.D.C.S.P...
> 0010 18 00 57 00 49 00 4e 00 32 00 30 00 30 00 38 00 ..W.I.N.2.0.0.8.
> 0020 52 00 32 00 58 00 36 00 34 00 04 00 1c 00 76 00 R.2.X.6.4.....v.
> 0030 64 00 63 00 73 00 70 00 2e 00 76 00 64 00 61 00 d.c.s.p...v.d.a.
> 0040 74 00 61 00 2e 00 72 00 75 00 03 00 36 00 57 00 t.a...r.u...6.W.
> 0050 69 00 6e 00 32 00 30 00 30 00 38 00 52 00 32 00 i.n.2.0.0.8.R.2.
> 0060 78 00 36 00 34 00 2e 00 76 00 64 00 63 00 73 00 x.6.4...v.d.c.s.
> 0070 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 2e 00 p...v.d.a.t.a...
> 0080 72 00 75 00 05 00 1c 00 76 00 64 00 63 00 73 00 r.u.....v.d.c.s.
> 0090 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 2e 00 p...v.d.a.t.a...
> 00a0 72 00 75 00 07 00 08 00 e1 22 bb 0a d0 a7 cc 01 r.u......"......
> 00b0 00 00 00 00 ....
>
> CHALLENGE_MESSAGE (length = 238)
> 0000 4e 54 4c 4d 53 53 50 00 02 00 00 00 0a 00 0a 00 NTLMSSP.........
> 0010 38 00 00 00 35 82 89 62 da 25 0b 83 2a de e5 b1 8...5..b.%..*...
> 0020 00 00 00 00 00 00 00 00 b4 00 b4 00 42 00 00 00 ............B...
> 0030 06 01 b0 1d 00 00 00 0f 56 00 44 00 43 00 53 00 ........V.D.C.S.
> 0040 50 00 02 00 0a 00 56 00 44 00 43 00 53 00 50 00 P.....V.D.C.S.P.
> 0050 01 00 18 00 57 00 49 00 4e 00 32 00 30 00 30 00 ....W.I.N.2.0.0.
> 0060 38 00 52 00 32 00 58 00 36 00 34 00 04 00 1c 00 8.R.2.X.6.4.....
> 0070 76 00 64 00 63 00 73 00 70 00 2e 00 76 00 64 00 v.d.c.s.p...v.d.
> 0080 61 00 74 00 61 00 2e 00 72 00 75 00 03 00 36 00 a.t.a...r.u...6.
> 0090 57 00 69 00 6e 00 32 00 30 00 30 00 38 00 52 00 W.i.n.2.0.0.8.R.
> 00a0 32 00 78 00 36 00 34 00 2e 00 76 00 64 00 63 00 2.x.6.4...v.d.c.
> 00b0 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 s.p...v.d.a.t.a.
> 00c0 2e 00 72 00 75 00 05 00 1c 00 76 00 64 00 63 00 ..r.u.....v.d.c.
> 00d0 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 s.p...v.d.a.t.a.
> 00e0 2e 00 72 00 75 00 07 00 08 00 e1 22 bb 0a ..r.u......"..
>
> targetInfo (populated) (length = 180)
> 0000 02 00 0a 00 56 00 44 00 43 00 53 00 50 00 01 00 ....V.D.C.S.P...
> 0010 18 00 57 00 49 00 4e 00 32 00 30 00 30 00 38 00 ..W.I.N.2.0.0.8.
> 0020 52 00 32 00 58 00 36 00 34 00 04 00 1c 00 76 00 R.2.X.6.4.....v.
> 0030 64 00 63 00 73 00 70 00 2e 00 76 00 64 00 61 00 d.c.s.p...v.d.a.
> 0040 74 00 61 00 2e 00 72 00 75 00 03 00 36 00 57 00 t.a...r.u...6.W.
> 0050 69 00 6e 00 32 00 30 00 30 00 38 00 52 00 32 00 i.n.2.0.0.8.R.2.
> 0060 78 00 36 00 34 00 2e 00 76 00 64 00 63 00 73 00 x.6.4...v.d.c.s.
> 0070 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 2e 00 p...v.d.a.t.a...
> 0080 72 00 75 00 05 00 1c 00 76 00 64 00 63 00 73 00 r.u.....v.d.c.s.
> 0090 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 2e 00 p...v.d.a.t.a...
> 00a0 72 00 75 00 07 00 08 00 e1 22 bb 0a d0 a7 cc 01 r.u......"......
> 00b0 00 00 00 00 ....
>
> Password (length = 26)
> 0000 51 00 61 00 6c 00 31 00 30 00 32 00 39 00 33 00 Q.a.l.1.0.2.9.3.
> 0010 38 00 34 00 37 00 35 00 36 00 8.4.7.5.6.
>
> Username (length = 0)
>
> Domain (length = 0)
>
> NTOWFv2, NTLMv2 Hash
> 0000 4c 94 98 66 e6 93 0a 66 71 31 94 2b cb 21 ca 49 L..f...fq1.+.!.I
>
> NTLMv2 Response Temp Blob
> 0000 01 01 00 00 00 00 00 00 00 10 d7 f4 c6 a7 cc 01 ................
> 0010 b4 b9 57 d9 52 05 d9 62 00 00 00 00 02 00 0a 00 ..W.R..b........
> 0020 56 00 44 00 43 00 53 00 50 00 01 00 18 00 57 00 V.D.C.S.P.....W.
> 0030 49 00 4e 00 32 00 30 00 30 00 38 00 52 00 32 00 I.N.2.0.0.8.R.2.
> 0040 58 00 36 00 34 00 04 00 1c 00 76 00 64 00 63 00 X.6.4.....v.d.c.
> 0050 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 s.p...v.d.a.t.a.
> 0060 2e 00 72 00 75 00 03 00 36 00 57 00 69 00 6e 00 ..r.u...6.W.i.n.
> 0070 32 00 30 00 30 00 38 00 52 00 32 00 78 00 36 00 2.0.0.8.R.2.x.6.
> 0080 34 00 2e 00 76 00 64 00 63 00 73 00 70 00 2e 00 4...v.d.c.s.p...
> 0090 76 00 64 00 61 00 74 00 61 00 2e 00 72 00 75 00 v.d.a.t.a...r.u.
> 00a0 05 00 1c 00 76 00 64 00 63 00 73 00 70 00 2e 00 ....v.d.c.s.p...
> 00b0 76 00 64 00 61 00 74 00 61 00 2e 00 72 00 75 00 v.d.a.t.a...r.u.
> 00c0 07 00 08 00 e1 22 bb 0a d0 a7 cc 01 00 00 00 00 ....."..........
>
> ClientChallenge
> 0000 b4 b9 57 d9 52 05 d9 62 ..W.R..b
>
> ServerChallenge
> 0000 da 25 0b 83 2a de e5 b1 .%..*...
>
> SessionBaseKey
> 0000 58 d8 57 93 8d 29 83 73 eb f4 d6 d3 9b 1e dc e6 X.W..).s........
>
> KeyExchangeKey
> 0000 58 d8 57 93 8d 29 83 73 eb f4 d6 d3 9b 1e dc e6 X.W..).s........
>
> ExportedSessionKey
> 0000 81 3e fe b4 6a 28 d5 7f d3 7c 90 d4 0e e3 17 27 .>..j(...|.....'
>
> RandomSessionKey
> 0000 81 3e fe b4 6a 28 d5 7f d3 7c 90 d4 0e e3 17 27 .>..j(...|.....'
>
> ClientSignKey
> 0000 3d c0 1f cb 2a c8 07 bc 9d da 4b 4d 6f ed 75 c9 =...*.....KMo.u.
>
> ClientSealingKey
> 0000 ce 6d ea 48 53 9a f7 92 9c 43 9f 85 a3 d3 15 47 .m.HS....C.....G
>
> Timestamp
> 0000 00 10 d7 f4 c6 a7 cc 01 ........
>
> negotiateFlags "0x60088235"{
> NTLMSSP_NEGOTIATE_56
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_REQUEST_NON_NT_SESSION_KEY
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_OEM
> }
> UserName (length = 0, offset = 64)
>
> LmChallengeResponse (length = 24, offset = 64)
> 0000 e8 2c 04 c4 c4 58 10 36 1b 0d b0 21 3f ef bf c7 .,...X.6...!?...
> 0010 b4 b9 57 d9 52 05 d9 62 ..W.R..b
>
> NtChallengeResponse (length = 224, offset = 88)
> 0000 19 24 7a 98 86 d8 3f 67 21 a6 94 06 d9 39 09 b9 .$z...?g!....9..
> 0010 01 01 00 00 00 00 00 00 00 10 d7 f4 c6 a7 cc 01 ................
> 0020 b4 b9 57 d9 52 05 d9 62 00 00 00 00 02 00 0a 00 ..W.R..b........
> 0030 56 00 44 00 43 00 53 00 50 00 01 00 18 00 57 00 V.D.C.S.P.....W.
> 0040 49 00 4e 00 32 00 30 00 30 00 38 00 52 00 32 00 I.N.2.0.0.8.R.2.
> 0050 58 00 36 00 34 00 04 00 1c 00 76 00 64 00 63 00 X.6.4.....v.d.c.
> 0060 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 61 00 s.p...v.d.a.t.a.
> 0070 2e 00 72 00 75 00 03 00 36 00 57 00 69 00 6e 00 ..r.u...6.W.i.n.
> 0080 32 00 30 00 30 00 38 00 52 00 32 00 78 00 36 00 2.0.0.8.R.2.x.6.
> 0090 34 00 2e 00 76 00 64 00 63 00 73 00 70 00 2e 00 4...v.d.c.s.p...
> 00a0 76 00 64 00 61 00 74 00 61 00 2e 00 72 00 75 00 v.d.a.t.a...r.u.
> 00b0 05 00 1c 00 76 00 64 00 63 00 73 00 70 00 2e 00 ....v.d.c.s.p...
> 00c0 76 00 64 00 61 00 74 00 61 00 2e 00 72 00 75 00 v.d.a.t.a...r.u.
> 00d0 07 00 08 00 e1 22 bb 0a d0 a7 cc 01 00 00 00 00 ....."..........
>
> EncryptedRandomSessionKey (length = 16, offset = 312)
> 0000 ed 15 6c 46 c5 a3 40 a9 19 2c 4d 3d 97 76 5b 06 ..lF..@..,M=.v[.
>
> AUTHENTICATE_MESSAGE (length = 328)
> 0000 4e 54 4c 4d 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP.........
> 0010 40 00 00 00 e0 00 e0 00 58 00 00 00 00 00 00 00 @.......X.......
> 0020 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 @.......@.......
> 0030 40 00 00 00 10 00 10 00 38 01 00 00 35 82 08 60 @.......8...5..`
> 0040 e8 2c 04 c4 c4 58 10 36 1b 0d b0 21 3f ef bf c7 .,...X.6...!?...
> 0050 b4 b9 57 d9 52 05 d9 62 19 24 7a 98 86 d8 3f 67 ..W.R..b.$z...?g
> 0060 21 a6 94 06 d9 39 09 b9 01 01 00 00 00 00 00 00 !....9..........
> 0070 00 10 d7 f4 c6 a7 cc 01 b4 b9 57 d9 52 05 d9 62 ..........W.R..b
> 0080 00 00 00 00 02 00 0a 00 56 00 44 00 43 00 53 00 ........V.D.C.S.
> 0090 50 00 01 00 18 00 57 00 49 00 4e 00 32 00 30 00 P.....W.I.N.2.0.
> 00a0 30 00 38 00 52 00 32 00 58 00 36 00 34 00 04 00 0.8.R.2.X.6.4...
> 00b0 1c 00 76 00 64 00 63 00 73 00 70 00 2e 00 76 00 ..v.d.c.s.p...v.
> 00c0 64 00 61 00 74 00 61 00 2e 00 72 00 75 00 03 00 d.a.t.a...r.u...
> 00d0 36 00 57 00 69 00 6e 00 32 00 30 00 30 00 38 00 6.W.i.n.2.0.0.8.
> 00e0 52 00 32 00 78 00 36 00 34 00 2e 00 76 00 64 00 R.2.x.6.4...v.d.
> 00f0 63 00 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 c.s.p...v.d.a.t.
> 0100 61 00 2e 00 72 00 75 00 05 00 1c 00 76 00 64 00 a...r.u.....v.d.
> 0110 63 00 73 00 70 00 2e 00 76 00 64 00 61 00 74 00 c.s.p...v.d.a.t.
> 0120 61 00 2e 00 72 00 75 00 07 00 08 00 e1 22 bb 0a a...r.u......"..
> 0130 d0 a7 cc 01 00 00 00 00 ed 15 6c 46 c5 a3 40 a9 ..........lF..@.
> 0140 19 2c 4d 3d 97 76 5b 06 .,M=.v[.
>
> Public Key (length = 270)
> 0000 30 82 01 0a 02 82 01 01 00 c8 27 34 51 23 7f 42 0.........'4Q#.B
> 0010 dd 38 b7 8d 30 c2 df 00 65 79 c1 37 f6 d0 ab 7f .8..0...ey.7....
> 0020 b9 81 0e 0a 3e 65 b3 ff 06 ca a1 94 26 31 e1 a1 ....>e......&1..
> 0030 02 01 19 4a be 2c 33 7d 67 43 00 6a 6c d9 b4 ca ...J.,3}gC.jl...
> 0040 d5 70 95 d9 68 9f da 2e 75 89 0d 62 22 29 17 ba .p..h...u..b")..
> 0050 18 4f 78 8f 16 fd 64 3d c8 0b 08 01 25 2e 81 3f .Ox...d=....%..?
> 0060 2d 6d 6e 62 c6 ce 54 86 fe af 4f 23 09 58 be b9 -mnb..T...O#.X..
> 0070 94 e0 36 82 ca 81 71 cb 6a fc 5e cf 78 fa 5d 28 ..6...q.j.^.x.](
> 0080 f5 80 5a d1 ef 8b 7d 23 79 5f 12 9e 0e fe af f9 ..Z...}#y_......
> 0090 7f 3e ec 7a 1b 2b 54 9b 53 f4 5c 5b 65 ee 6c f5 .>.z.+T.S.\[e.l.
> 00a0 7d 7a 22 1b a5 8e c8 57 1a 5b fb 98 e2 d8 81 8d }z"....W.[......
> 00b0 4e ed c2 d6 c3 ba 3b 33 f2 e9 4d e8 f9 b3 1b ea N.....;3..M.....
> 00c0 fa b7 1d 41 ae b9 54 17 5a 82 ca 9c 91 4a 1d ed ...A..T.Z....J..
> 00d0 b1 ec 9b 60 42 20 ea 33 d2 c5 a4 24 76 14 d7 25 ...`B .3...$v..%
> 00e0 4b 09 91 1f 4f 9b 9c 14 8d 8f 24 bc 97 9c e5 71 K...O.....$....q
> 00f0 13 eb f7 5a ff 2a 03 62 ea 36 02 46 73 35 a0 1c ...Z.*.b.6.Fs5..
> 0100 a9 7b 0e 7f 16 0a 8f d0 6f 02 03 01 00 01 .{......o.....
>
> Encrypted Public Key (length = 270)
> 0000 e9 85 b8 73 f3 82 13 d8 fa 39 35 1b 9c fb 9a bc ...s.....95.....
> 0010 8a 9a 66 7c 5c c1 07 6d 83 ef c0 de 0c 38 b1 d8 ..f|\..m.....8..
> 0020 c2 b2 df 29 ea 70 c4 e4 d1 b2 b4 ae 69 ca 3e bb ...).p......i.>.
> 0030 ef 5b e2 85 b8 07 f9 4a 6b 41 64 c6 b9 8b 52 45 .[.....JkAd...RE
> 0040 17 b3 d0 25 27 0b 93 45 70 7f b7 28 6a ea 50 61 ...%'..Ep..(j.Pa
> 0050 f4 74 85 df 4e 2b 72 74 b1 50 ae 60 96 9f 50 4d .t..N+rt.P.`..PM
> 0060 53 5c c0 dd 8a a3 89 80 6f 4e 2a de 51 b4 3e 09 S\......oN*.Q.>.
> 0070 11 d5 61 80 31 f1 1a 9f b9 83 42 ba 92 a5 07 5f ..a.1.....B...._
> 0080 76 2d e9 e0 b5 d8 ed 8c 88 21 76 9d 91 36 03 30 v-.......!v..6.0
> 0090 9e f2 d3 d2 f1 76 25 8a 6a 42 ff 45 62 17 31 1b .....v%.jB.Eb.1.
> 00a0 78 b9 1a 7c 39 20 6c 78 9e d4 5e 10 42 b5 9a 8e x..|9 lx..^.B...
> 00b0 8c f5 64 e5 9f 47 e3 f2 9f 46 59 37 b4 98 00 86 ..d..G...FY7....
> 00c0 07 4e 11 b2 c1 aa e9 f4 79 9d 2b c3 27 f6 04 1d .N......y.+.'...
> 00d0 8e fa 30 bb 53 9f 5d c6 65 02 b3 0d ab e4 53 66 ..0.S.].e.....Sf
> 00e0 d3 86 33 10 55 1e f7 e2 dc ab 07 65 92 d0 17 bc ..3.U......e....
> 00f0 9d 40 39 7c 96 0a 6b 33 71 2e 40 bb 53 06 98 57 .@9|..k3q.@.S..W
> 0100 1e 7b da 1e 27 75 31 7e 81 21 4b 23 9c a9 .{..'u1~.!K#..
>
> Signature
> 0000 01 00 00 00 1f cc e6 1c 45 11 14 47 00 00 00 00 ........E..G....
>
> SSL_read: Failure in SSL library (protocol error?)
> Authentication failure, check credentials.
> If credentials are valid, the NTLMSSP implementation may be to blame.
>
>
> The domain and user name, along with the password, seem to be correct -
> exactly as they were entered.
>
> Best regards,
> Maxim
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
