On Fri, 12 Jul 2002, Tim Potter wrote: > On Sat, Jul 13, 2002 at 04:47:17AM +0930, Richard Sharpe wrote: > > It's actually NTLMSSP base-64 encoded in http headers. > > > There has been much discussion about this on this list and on > > #samba-technical and it may already be possible or close to possible using > > samba-head based code. > > There is a mod_ntlm_winbind the basis of which is used in squid for its > NTLMSSP support. The mod_ntlm_winbind project is currently unmaintained > and broken. > > Basically there are hooks in winbindd (through the AUTH_CRAP command) to > authenticate using a challenge and nt/lm responses. > > > It sounds like the client is doing a Windows LOGON using the previously > > computed NT HASH generated when the user logged onto the client. > > Nope. There's a challenge sent by either the server and then the client > produces a LM and NT response which is a hash of the challenge and the > user's password. This is sent to the server (in this case winbindd) for > authentication.
But the server does not have the user's password, only the NT or LM hash of the user's password, so what I think you are saying is that the respose if formed by hashing the challenge with the user's password hash? Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]