  SASL NTLM LDAP Authentication Traffic
 
Subject: SASL NTLM LDAP Authentication Traffic
Author: authen
Posted on: 08/12/2006 06:13:03 PM

Here is a practical NTLM authentication example via LDAP.

Server: AD on Windows Server 2003
Client: JNDI client


1. Client --> Server

 Bind Request {
        Message Id: 98
        Message Type: Bind Request (0x60)
        Message Length: 57 (0x84 00 00 00 39)
        Version: 3 (0x02 01 03)
        DN: (null) (0x04 00)
        Auth Type: SASL (0xa3 84 00 00 00 2e) 
        Mechanism: GSS-SPNEGO (0x04 0a 47 53 53 2d 53 50 4e 45 47 4f)
        Creds: (0x04 20) {
                NTLMSSP: 0x4e 54 4c 4d 53 53 50 00
                Type 1 Msg: 0x01 00 00 00
                Flags: 0x07 82 00 a0
                Host: 0x00 00 00 00 00 00 00 00
                Domain: 0x00 00 00 00 00 00 00 00
        }
 }



2. Client <-- Server
 Bind Response {
        Message Id: 98
        Message Type: Bind Result (0x01)
        Message Length: 249
        Result Code: saslBindInProgress (0x0e)
        Matched DN: (null)
        Error Message: (null)
        GSS-API Generic Security Service Application Program Interface
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
                Domain: MYDOMAIN
                Flags: 0x80818205
                NTLM Challenge: 7B522978AA396392
                Reserved: 0000000000000000
                Address List
                    Length: 162
                    Maxlen: 162
                    Offset: 76
                    Domain NetBIOS Name: MYDOMAIN
                    Server NetBIOS Name: mydomiancontroller
                    Domain DNS Name: mydomain.com
                    Server DNS Name: mydomiancontroller.mydomain.com
                    List Terminator
 }



3. Client --> Server
    LDAP Message, Bind Request
        Message Id: 99
        Message Type: Bind Request (0x00)
        Message Length: 203
        Response In: 99
        Version: 3
        DN: (null)
        Auth Type: SASL (0x03)
        Mechanism: GSS-SPNEGO
        GSS-API Generic Security Service Application Program Interface
            NTLMSSP
                NTLMSSP identifier: NTLMSSP
                NTLM Message Type: NTLMSSP_AUTH (0x00000003)
                Lan Manager Response: FC05E52BADD77A678ACDC719287160E5DBD7D6D6B5E5A12C
                NTLM Response: 927D62DC561C63158B0A2AB728B2A4EADE816AD2432C66DA
                Domain name: USERDOMAIN.COM
                User name: myname
                Host name: myhost
                Session Key: Empty
                Flags: 0x80808205



4. Client <-- Server
 Bind Result {
        Message Id: 99
        Message Type: Bind Result (0x01)
        Message Length: 27
        Result Code: success (0x00)
        Matched DN: (null)
        Error Message: (null)
 }
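
Added example (not part of the original post): a small Python decoder that reads the Type 1 bytes from step 1 and checks the step 3 flags and response lengths for what a defender would note in this exchange. The function names and finding codes are hypothetical; the flag bit values are the NEGOTIATE flags from MS-NLMP.

```python
import struct

# Subset of NEGOTIATE flag bits defined in MS-NLMP, enough to decode this trace.
FLAGS = {
    0x00000001: "UNICODE", 0x00000002: "OEM", 0x00000004: "REQUEST_TARGET",
    0x00000010: "SIGN", 0x00000020: "SEAL", 0x00000080: "LM_KEY",
    0x00000200: "NTLM", 0x00008000: "ALWAYS_SIGN",
    0x00010000: "TARGET_TYPE_DOMAIN", 0x00080000: "EXTENDED_SESSIONSECURITY",
    0x00800000: "TARGET_INFO", 0x20000000: "128", 0x40000000: "KEY_EXCH",
    0x80000000: "56",
}
SIGN, SEAL, ESS = 0x10, 0x20, 0x00080000

# Values copied from the trace above: step 1 Creds bytes, step 3 responses and flags.
TYPE1 = bytes.fromhex("4e544c4d53535000" "01000000" "078200a0") + bytes(16)
LM_RESP = bytes.fromhex("FC05E52BADD77A678ACDC719287160E5DBD7D6D6B5E5A12C")
NT_RESP = bytes.fromhex("927D62DC561C63158B0A2AB728B2A4EADE816AD2432C66DA")
TYPE3_FLAGS = 0x80808205

def flag_names(flags):
    return [name for bit, name in sorted(FLAGS.items()) if flags & bit]

def parse_negotiate(blob):
    """Decode the header of an NTLMSSP Type 1 (NEGOTIATE) token."""
    if len(blob) < 16 or blob[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP token")
    msg_type, flags = struct.unpack_from("<II", blob, 8)  # little-endian fields
    if msg_type != 1:
        raise ValueError(f"expected Type 1, got Type {msg_type}")
    return {"flags": flags, "names": flag_names(flags)}

def assess(flags, lm_resp, nt_resp):
    """Return finding codes for a Type 3 message's flags and responses."""
    findings = []
    if len(nt_resp) == 24:  # NTLMv2 responses are longer than 24 bytes
        if flags & ESS:
            findings.append("ntlm2-session")
        else:
            findings.append("ntlmv1")
            # With NTLMv1, a non-zero LM field that is not a copy of the
            # NT response is a response computed from the LM hash.
            if any(lm_resp) and lm_resp != nt_resp:
                findings.append("lm-response-sent")
    if not flags & (SIGN | SEAL):
        findings.append("no-sign-seal")
    return findings

if __name__ == "__main__":
    print(hex(parse_negotiate(TYPE1)["flags"]), parse_negotiate(TYPE1)["names"])
    print(assess(TYPE3_FLAGS, LM_RESP, NT_RESP))
```

For this trace the result is NTLMv1 with an LM response and no signing or sealing negotiated, which is what domain-controller policies requiring NTLMv2 and LDAP signing are meant to reject.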





