Open jbakermk opened 3 years ago
I do not know, never tried this. I guess it uses the same protocol, so I think you should be able to try that.
So I've had a good look at this problem. The issue seems to lie in the NtlmAuthenticator code, which doesn't know how to deal with a type 3 token sent by the browser. A NETLOGON is required at this point.
The relevant Liferay NTLM code is here. Does this look like it could be transplanted to smbj?
_netlogonConnection.connect(
_domainController, _domainControllerName, _ntlmServiceAccount,
_secureRandom);
NetlogonAuthenticator netlogonAuthenticator =
netlogonConnection.computeNetlogonAuthenticator();
NetlogonIdentityInfo netlogonIdentityInfo =
new NetlogonIdentityInfo(
domain, 0x00000820, 0, 0, userName, workstation);
NetlogonNetworkInfo netlogonNetworkInfo = new NetlogonNetworkInfo(
netlogonIdentityInfo, serverChallenge, ntResponse, lmResponse);
NetrLogonSamLogon netrLogonSamLogon = new NetrLogonSamLogon(
_domainControllerName, _ntlmServiceAccount.getComputerName(),
netlogonAuthenticator, new NetlogonAuthenticator(), 2,
netlogonNetworkInfo, 2, new NetlogonValidationSamInfo(), 0);
DcerpcHandle dcerpcHandle = netlogonConnection.getDcerpcHandle();
dcerpcHandle.sendrecv(netrLogonSamLogon);
if (netrLogonSamLogon.getStatus() == 0) {_
Reading the NtlmAuthenticator code, it looks rather like it could authenticate NTLM tokens sent by browsers during the SPNEGO process. Is this possible?