[pptp-server] Authentication using SMB for MS-CHAP

Justin Kreger jkreger at avidsolutionsinc.com
Thu Dec 14 07:06:08 CST 2000


OK, over the last few months, I and many others have expressed interest in
authenticating off of NT boxen over a network.  To our displeasure, no such
patch exists.  Within the last month, I have been communicating with others
on whether we could patch pppd somehow to get it to authenticate off of an NT
server.  The idea was proposed that we use libsmb.  So I took a look at the
smb pam mod, which seems to have its own smb library with it.

Below I will post my notes on the smb_auth.c file from pamsmbd.

Due to work, school, and the fact I never really learned C or C++ to any
extent, I am forced to ask for help in this endeavor, and to have some
questions answered.

I think that right now, we could adapt some code from pamsmbd and use it to
authenticate off of an NT server.  But this raises some questions.

1. In the pppsmb (authentication off of the samba passwd file) patched
version of pppd, where does pppd decide that the hash that is being
submitted is real and good?

2. It appears that pamsmbd is designed to take a cleartext passwd and
encrypt it.  Can we change this?

3. What exactly do we need to be sending an NT server to log in? Just the
hash?  What does pppd get from a connecting client? A login and then a
password hash?

If I am not totally insane, I think that we could just take the hash that
the remote computer is submitting, and then go and use that to see if it
works with logging into an NT server.

What do you guys think? Can this be done? I think it can with a little
effort.







smb_auth.c:

The login function returns this:
0 = success
1/2 = error
3 = not logged in


queue_user talks to pamsmbd with username, passwd, domain


pamsmbd:
they seem to all be functions
smbwork.c:
con#=SMB_Connect_Server: gets null, primary, and domain

is primary the server name or ip?
it is a char, servername

SMB_Negotiate: gets con #, and protos (refer to file for array)


SMB_Logon_Server: sends a conn #, username, then pass

is a function, return the number

SMB_Logoff_Server: recvs con num


note:
check to see if crypt is performed
also, may want to see exactly what is passed, just the hash?  Can we just
send the hash?


--------------------------
Justin Kreger, MCSE
Network Administrator
Avid Solutions Inc.





