Closed fengyingkong closed 1 year ago
If the server initiated authentication using SPNEGO, the buffer MUST contain a token as produced by the GSS protocol as specified in section 3.2.4.2.3. If the client initiated authentication, see section 2.2.4, the buffer SHOULD<28> contain a token as produced by an authentication protocol of the client's choice.
i see the buff content is not match ntlm document:
ntlm document start with ntlmssp, I don't know what went wrong. https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b34032e5-3aae-4bc6-84c3-c6d80eadf7f2
I'm not sure what your question is... Or what you're trying to discern... It might be that due to the LE encoding (Little Endian first) the toStrings make no sense? Look at the bytes to see what's actually in there and work from that
look the picture , there are something before the NTLMSSP character. but the document display startWith the Signature contain the NTLLMSSP. Why it's not the same.
* In the context of this class only the <em>NegTokenInit</em> is covered.
* <p/>
* <ul>
* <li>When an InitToken is sent, it is prepended by the generic GSSAPI header.</li>
* <li>The "mech" field of the GSSAPI header is always set to the SPNEGO OID (1.3.6.1.5.5.2)</li>
* <li>The negTokenInit will have a lead byte of <code>0xa0</code> (the CHOICE tagged object).</li>
* </ul>
You're confusing the NtlmNegotiate
with the NegTokenInit
. The NtlmNegotiate
which is serialized 5 lines higer, does start with NTLMSSP\0
, then we wrap that in the NegTokenInit
which adds a whole lot of ASN.1 stuff in front of it.
why adds a whole lot of ASN.1 stuff in front of NtlmNegotiate. i can not find related documents.
Instead of questioning my implementation, could you please ask a proper question on: A. What you are trying to achieve B. What's not working
The code is pretty hardened and has been tested against a variety of SMB implementations, e.g. Samba, Windows different versions.
The spec you're looking for is this one: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/8e71cf53-e867-4b79-b5b5-38c92be3d472?source=recommendations
It's: MS-SMB2 --authenticates_using_api--> MS-SPNG --uses_protocol--> MS-NLMP
Thank you very much. I am implementing the smb server, in an open source project base to do secondary development. In addition the smbj can support kerberos?
Let's take this discussion / q&a session somewhere else than my bug tracker.
which support ntlm v1 or ntlm v2?