jborean93 / pyspnego

Python SPNEGO authentication library
MIT License

spnego client without domain name in username argument #61

Closed spbFrogPirate closed 1 year ago

spbFrogPirate commented 1 year ago

If, on Windows while logged on as a domain user, you create spnego.client without a domain name, it creates an authenticate_message with the domain name; in the example it's "W.O.R.K."

client = spnego.client("usertn", "password", protocol="ntlm")

authenticate_message = TlRMTVNTUAADAAAAGAAYAHYAAAAYABgAjgAAAAgACABYAAAADAAMAGAAAAAKAAoAbAAAABAAEACmAAAANYKI4goAYUoAAAAPW4OUot4KTNozXx/Eu5pL1FcATwBSAEsAdQBzAGUAcgB0AG4ATQBFAEwAUwBTAOZ3ylREhelQAAAAAAAAAAAAAAAAAAAAAB66cLYVo1UpKQq9wMwdUb7ItKRjyqIYPuwwNBqVOkjzdhZIyj8bDgE=

4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 76 00 00 00  NTLMSSP.........v...
18 00 18 00 8E 00 00 00 08 00 08 00 58 00 00 00 0C 00 0C 00  ....Ž.......X.......
60 00 00 00 0A 00 0A 00 6C 00 00 00 10 00 10 00 A6 00 00 00  `.......l.......¦...
35 82 88 E2 0A 00 61 4A 00 00 00 0F 5B 83 94 A2 DE 0A 4C DA  5‚ˆâ..aJ....[ƒ”¢Þ.LÚ
33 5F 1F C4 BB 9A 4B D4 57 00 4F 00 52 00 4B 00 75 00 73 00  3_.Ä»šKÔW.O.R.K.u.s.
65 00 72 00 74 00 6E 00 4D 00 45 00 4C 00 53 00 53 00 E6 77  e.r.t.n.M.E.L.S.S.æw
CA 54 44 85 E9 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ÊTD…éP..............
00 00 1E BA 70 B6 15 A3 55 29 29 0A BD C0 CC 1D 51 BE C8 B4  ...ºp¶.£U)).½ÀÌ.Q¾È´
A4 63 CA A2 18 3E EC 30 34 1A 95 3A 48 F3 76 16 48 CA 3F 1B  ¤cÊ¢.>ì04.•:Hóv.HÊ?.

jborean93 commented 1 year ago

This scenario on Windows just calls the native SSPI C library on Windows with the credentials you've specified. More specifically it's the SEC_WINNT_AUTH_IDENTITY_W. If the domain field in the NTLM message is set to WORK then it sounds like it's SSPI itself that's appending the information. Is there a problem with your scenario or just a general observation?

spbFrogPirate commented 1 year ago

Not a problem, but there is a difference in how authorization works. For example, in C# and pywin32, domain information is not added, by default, if it is not in the username. And now it is necessary to register the domain.

jborean93 commented 1 year ago

This is ultimately behaviour of SSPI; we can't really change anything in there. You can request the client to use the pure Python NTLM provider with spnego.client(..., options=spnego.NegotiateOptions.use_ntlm). This has no hooks into SSPI and can only use the information you provide. The downside is it won't work for any implicit user and is NTLM only.

> And now it is necessary to register the domain.

What do you mean by this sorry?

spbFrogPirate commented 1 year ago

> What do you mean by this sorry?

Adding "domain" to the username, for example writing spnego.client("domain\\usertn", "password", protocol="ntlm"), works. Thanks for the help.
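
To check which domain a client actually put on the wire, the identity fields of an NTLM AUTHENTICATE message can be read straight from its header descriptors, the same offsets visible in the hex dump above. This is an added example, not part of the thread or of pyspnego; `parse_authenticate` and `build_sample` are hypothetical names, the offsets follow the MS-NLMP AUTHENTICATE_MESSAGE layout, and the sample message is constructed.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # NegotiateFlags bit for UTF-16LE strings


def _field(msg, pos):
    """Follow the Len/MaxLen/Offset descriptor at pos into the payload."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError(f"descriptor at byte {pos} points outside the message")
    return msg[offset:offset + length]


def parse_authenticate(token):
    """Return domain, user and workstation from a raw NTLM AUTHENTICATE_MESSAGE."""
    if isinstance(token, str):  # accept the base64 form as posted in the issue
        token = base64.b64decode(token)
    if len(token) < 64 or token[:8] != b"NTLMSSP\x00":
        raise ValueError("not a raw NTLMSSP token")
    msg_type, = struct.unpack_from("<I", token, 8)
    if msg_type != 3:
        raise ValueError(f"expected AUTHENTICATE (3), got type {msg_type}")
    flags, = struct.unpack_from("<I", token, 60)
    # Assumption: cp437 stands in for the OEM code page, which varies per system.
    codec = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
    names = {"domain": 28, "user": 36, "workstation": 44}
    return {k: _field(token, pos).decode(codec) for k, pos in names.items()}


def build_sample(domain, user, workstation):
    """Constructed test message: empty responses, zeroed Version and MIC."""
    parts = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    offset, descriptors = 88, b""
    for part in parts:
        descriptors += struct.pack("<HHI", len(part), len(part), offset)
        offset += len(part)
    empty = struct.pack("<HHI", 0, 0, offset)  # LM, NT and session key fields
    header = (b"NTLMSSP\x00" + struct.pack("<I", 3) + empty + empty + descriptors
              + empty + struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE) + bytes(24))
    return header + b"".join(parts)


if __name__ == "__main__":
    print(parse_authenticate(build_sample("WORK", "usertn", "MELSS")))
    print(parse_authenticate(build_sample("", "usertn", "MELSS")))
```

The parser expects a raw NTLM token, as produced with protocol="ntlm"; a token wrapped in SPNEGO would need unwrapping first.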