On Tue, Jan 28, 2003 at 08:11:54PM -0700, Vance Lankhaar wrote:
> Check out Chris' book - http://www.ubiqx.org/cifs/SMB.html#SMB.8.5
>
> He's got a great explanation of what we observed while looking at a few
> captures.
>
> Also, if you would have a capture of the response, I'd love to
> take a look at it - there's a few bytes that are still unknown.

Thanks, Vance. :) I'm interested too, of course. More below...

> On Wed, 2003-01-29 at 19:57, Joey Collins wrote:
> > Good evening folks,
> >
> > I have a WIN2K system and I am failing to authenticate to a Samba 2.2
> > installation, which I suspect is due to the weird length of Unicode
> > password length in the SessionSetupAndX message. Here is my
> > circumstance.
> >
> > On my W2K machine:
> > -Run the secpol.msc management plug-in thingie.
> > -Click "Local Policies"
> > -Click "Security Options"
> > -In the right pane, look for "LAN Manager Authentication Level"
> > -Double click on this.
> > -In the pull-down, set it to "Send NTLMv2 response only"
> > -Commit that change.
> > -Now, connect to the Samba machine.
> >
> > The ANSI password length in the SessionSetupAndX is 24, but in my case
> > the Unicode Password Length is 78 (this is according to the latest &
> > greatest ethereal built from sources yesterday).

Yes, that would be correct. The 24-byte "ANSI" password is, in fact, an
LMv2 response. It is a simpler version of the NTLMv2 response. The NTLMv2
response is the hash of some known data and a blob of garblage. The
garblage is typically around 64 bytes, give or take a few. In your case,
it appears that the blob is 62 bytes.

> > When I change the setting in "LAN Manager Authentication Level" back to
> > the default, I can connect to Samba 2.2 using the same creds.

We have had LMv2 code available for a while (thanks to the TNG folk) but
there was little impetus to push ahead with it. Few people have asked.
You're one of the few. :)

> > I tried this on a W2K -> W2K setup (not active directory) and the same
> > trace occurs, but this time, the Unicode password length was 66 (it was
> > a different account/password)!

Makes sense. See the link Vance provided above. That'll explain it.

> > Anyone else see this? Does anyone know how the binary response of 78
> > bytes is created? Lots of zeros, it does not appear to be ASN.1

It's probably not ASN.1 but, once you know what's in there (or what
*might* be in there) then it will probably make you think of NDR. I would
not have recognized it, but others on the Team know this stuff so well
that it's second nature.

> > Have a great night,

I'll do my best. :) You too.

Chridz -)-----

--
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/    -)-----   [EMAIL PROTECTED]
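
The length arithmetic from the reply above (24 bytes for LMv2, 78 = 16 + 62 for NTLMv2), worked through as an added example that is not part of the original thread and is not Samba's code. It assumes HMAC-MD5 (16-byte output) as the hash, the MS-NLMP key derivation, and a blob layout of signature, reserved, timestamp, client nonce, names and padding; every value, including the user `testuser` and the domain `SAMBADOMAIN`, is constructed.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16  # HMAC-MD5 digest size

def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()

def v2_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    # Assumed derivation (MS-NLMP NTOWFv2): key the HMAC with the NT hash,
    # hash UTF-16LE(UPPER(user) + domain).
    return hmac_md5(nt_hash, (user.upper() + domain).encode("utf-16-le"))

def make_response(key: bytes, challenge: bytes, client_data: bytes) -> bytes:
    # LMv2 and NTLMv2 share one shape: HMAC(challenge + client_data) + client_data.
    return hmac_md5(key, challenge + client_data) + client_data

def check_response(key: bytes, challenge: bytes, response: bytes) -> bool:
    # Server side: split off the 16-byte MAC and recompute it over the rest.
    if len(response) <= MAC_LEN:
        return False
    mac, client_data = response[:MAC_LEN], response[MAC_LEN:]
    return hmac.compare_digest(mac, hmac_md5(key, challenge + client_data))

def sample_blob(client_nonce: bytes, nb_domain: str) -> bytes:
    # Constructed blob, layout assumed: signature, reserved, timestamp,
    # client nonce, 4 unknown bytes, name list, 4 trailing bytes.
    name = nb_domain.encode("utf-16-le")
    names = struct.pack("<HH", 2, len(name)) + name + struct.pack("<HH", 0, 0)
    timestamp = struct.pack("<Q", 126_883_627_140_000_000)  # constructed FILETIME
    return (bytes.fromhex("01010000") + bytes(4) + timestamp + client_nonce
            + bytes(4) + names + bytes(4))

# Constructed sample values, not taken from any capture.
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE = bytes.fromhex("0123456789abcdef")
NONCE = bytes.fromhex("ffeeddccbbaa9988")
KEY = v2_key(NT_HASH, "testuser", "SAMBADOMAIN")
LMV2 = make_response(KEY, CHALLENGE, NONCE)
NTLMV2 = make_response(KEY, CHALLENGE, sample_blob(NONCE, "SAMBADOMAIN"))

if __name__ == "__main__":
    print("ANSI (LMv2) length:", len(LMV2))
    print("Unicode (NTLMv2) length:", len(NTLMV2), "blob:", len(NTLMV2) - MAC_LEN)
    print("verifies:", check_response(KEY, CHALLENGE, NTLMV2))
```

Because the name list inside the blob varies with the domain and host names, the Unicode password length differs between setups, which matches the 78 versus 66 seen in the two traces.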