Re: NTLMSSP and NTLMv2

2002-08-27 Thread Jim McDonough


> It looks like the recent changes to 'correct' NTLMSSP have broken NTLMv2
> in some way - Probably in much the same way that we suddenly got LM
> based session keys once we got the rest correct.

Works fine for me, but I'm the first to admit I'm not sure how to verify
I'm really using NTLMv2.  The Samba logs seem to indicate it, and I set it
in my security policy (and it's the effective policy).

> In particular, it seems that the fields in the NTLMSSP challenge packet
> may have been re-ordered (Netbios name, domain name etc).

Reordering doesn't matter (though Samba generates the same order my win2k
systems do) because each address has a tag to identify what type it is.

> Can you give this a look, and try out NTLMv2 to a Samba PDC?

At first glance, mine works...let me know how to properly verify it...


Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074
USA

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Phone: (207) 885-5565
IBM tie-line: 776-9984
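
Added example, not part of the original messages and not Samba's code: a minimal parser for the tagged name list in the NTLMSSP challenge that the reply above refers to, showing that two different field orders parse to the same result. The AV_PAIR layout (2-byte id, 2-byte length, UTF-16LE value, zero-id terminator) is assumed from the published MS-NLMP description, and the names in SAMPLE are constructed.

```python
import struct

# AvId values as defined for AV_PAIR in MS-NLMP (assumed layout, see lead-in).
AV_EOL, AV_NB_COMPUTER, AV_NB_DOMAIN, AV_DNS_COMPUTER, AV_DNS_DOMAIN = 0, 1, 2, 3, 4
AV_NAMES = {AV_NB_COMPUTER: "nb_computer", AV_NB_DOMAIN: "nb_domain",
            AV_DNS_COMPUTER: "dns_computer", AV_DNS_DOMAIN: "dns_domain"}

def build_target_info(pairs):
    """Serialize (av_id, text) pairs in the given order and append the terminator."""
    out = b""
    for av_id, text in pairs:
        value = text.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(value)) + value
    return out + struct.pack("<HH", AV_EOL, 0)

def parse_target_info(blob):
    """Return {field_name: value}, keyed by tag, so wire order is irrelevant."""
    fields, offset = {}, 0
    while True:
        if offset + 4 > len(blob):
            raise ValueError("target info ended without MsvAvEOL")
        av_id, av_len = struct.unpack_from("<HH", blob, offset)
        offset += 4
        if av_id == AV_EOL:
            if av_len != 0:
                raise ValueError("MsvAvEOL must have zero length")
            return fields
        if offset + av_len > len(blob):
            raise ValueError("AV pair length runs past end of buffer")
        value = blob[offset:offset + av_len]
        offset += av_len
        if av_id in AV_NAMES:
            fields[AV_NAMES[av_id]] = value.decode("utf-16-le")
        else:
            fields[f"unknown_{av_id}"] = value  # keep unknown tags as raw bytes

# Constructed sample values (not taken from the thread).
SAMPLE = [(AV_NB_DOMAIN, "EXAMPLEDOM"), (AV_NB_COMPUTER, "PDC1"),
          (AV_DNS_DOMAIN, "example.test"), (AV_DNS_COMPUTER, "pdc1.example.test")]

def order_independent(pairs):
    # Different bytes on the wire, identical parsed result.
    a = build_target_info(pairs)
    b = build_target_info(list(reversed(pairs)))
    return a != b and parse_target_info(a) == parse_target_info(b)

if __name__ == "__main__":
    print(parse_target_info(build_target_info(SAMPLE)), order_independent(SAMPLE))
```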





NTLMSSP and NTLMv2

2002-08-26 Thread Andrew Bartlett

It looks like the recent changes to 'correct' NTLMSSP have broken NTLMv2
in some way - Probably in much the same way that we suddenly got LM
based session keys once we got the rest correct.

In particular, it seems that the fields in the NTLMSSP challenge packet
may have been re-ordered (Netbios name, domain name etc).

Can you give this a look, and try out NTLMv2 to a Samba PDC?

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net