Re: [linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 28, 2010 at 6:25 PM, Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> On Mon, 2010-06-28 at 17:47 -0500, Shirish Pargaonkar wrote:
>
>> When I look at Windows - Windows smb2 traces, the (16 bytes) signature
>> looks nothing like
>> version (which is 1), ciphertext of 8 bytes of hmac-md5, sequence number
>
> SMB2 SMB Signing does not use the NTLMSSP packet signing algorithm.
> Instead, like SMB, it takes the session key already calculated and
> applies a unique-to-SMB2 algorithm to it.  This involves sha256 I
> think.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>


I have had luck with some kernel crypto apis while working on this code.
I have been able to use arc4 and md5 hash apis successfully while
not being able to figure out hmac-md5 apis and I had not even
looked at sha, which I will.

What is confusing to me is, current cifs code using ntlmv2 within
ntlmssp authenticates and signs against Windows 2003 server
successfully/

But it does not against Windows 7 and Windows 2008 (I do not have
a Windows Vista installation). I am currently changing to code and
I am sure I would be able to authenticate using ntlmv2 within ntlmssp.
singing is what is confusing.

With smb2 client also, I can authenticate against Windows 7 and
Windows 2008 but signing fails.

So I am confused about what algorithm to use for cifs to sign
against Windows 7 and Windows 2008 server for ntlmv2 within ntlmssp
and what algorithm to use for smb2 to sign against a Windows 7
and Windows 2008 server for ntlmv2 within ntlmssp.

I have been reading and following MS-NLMP and
http://davenport.sourceforge.net/ntlm.html
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux