Web lists-archives.com

Re: [Samba] Using ntlm_auth to get NTLMv2 Session support from an application




On Fri, Apr 21, 2017 at 5:28 PM, Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Fri, 2017-04-21 at 14:12 -0700, Jeremy Allison via samba wrote:
> > Not quickly. Probably best to look into the squid code itself
> > and see how they drive it.
>
> Also look into Wine.  Kai did something very similar there a long time
> ago.
>

I like red! Not so much white.

Your task is fairly easy as the resulting HTTP session won't be NTLMSSP
> encrypted, just authenticated with NTLMSSP, so you don't need to
> involve Samba long-term, or get out encryption keys.
>

Right, but clarification Andrew: What do you mean the resultant session
won't be NTLMSSP encrypted? I thought that was the whole point of NTLMv2
session security.


>
> See the 'squid' helper modes, there is ntlmssp-client-1 that you should
> use.
>
>
That's what I figured.


> You can also play with NTLMSSP over mouse-buffer between that and the
> squid-2.5-ntlmssp server mode.  Set --password on the server and it
> becomes standalone binary that does not need Samba running.


It does, but I need to understand the flow better on how I can funnel mount
davfs traffic through it (I thought originally this could be done using
upcall but that doesn't make sense - I think).

I do appreciate the feedback gentlemen.

-aps
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba