I did this
I used the latest curl Version to authenticate against a porxy with --proxy-ntlm. The proxy was joined to AD which only accepts secure NTLMv2.
Internet Explorer NTLM exchange looks like:
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==\r\n
IE(McAfee) NTLM type 2
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAAAAAAAAFgomgTynGuLy0QXwAAAAAAAAAAAAAAAAAAAAA\r\n
IE NTLM type 3
[truncated]Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIQAAABoAGgAnAAAAAYABgBYAAAADAAMAF4AAAAaABo......
Curl NTLM exchange is:
curl NTLM type 1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=\r\n
curl (McAfee) NTLM type 2
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAAAAAAAAGgokAXmf7HuqyuFEAAAAAAAAAAAAAAAAAAAAA\r\n
Curl type 3
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAMAAwBwAAAABg......
The difference can be seen in the typ3 response
A change in lib/vauth/ntlm.c
#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
I expected the following
I expected successful authentication, but received a rejection.
The text was updated successfully, but these errors were encountered:
Ok. I am just reading https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf to understand the NTLM flags and which of them could indicate the use of the existing codes sections.