In implementing NT domain control for Samba, the requirement to authenticate users connecting to a share that isn't on a DC just came up. The protocol works something like this:

Client accesses SMB file server requesting access to a particular share. The file server responds with an 8-byte challenge and the client replies with a 24-byte challenge response. Obviously these are transmitted in the clear.

The file server, not being a domain controller, forwards the challenge and response and the user name to the DC. The DC possesses the user's password hash and therefore can determine whether the response is an authentic computation of the challenge.

Now comes the interesting bit. If the DC authenticates the challenge response, it replies with an NT session key and an LM session key. You can read all about these session keys in:

ftp://ftp.microsoft.com/developr/drg/CIFS/CIFS-Auth-Spec.doc

These session keys are encrypted with the RC4 session key between the file server and the DC.

That's too much, I'm so tired!!!

--
You Underestimated the Dark Side of The Force
--
※ Posted from: PTT (批踢踢實業坊, ptt.twbbs.org) ◆ From: ntumcc06.mba.ntu.edu.tw
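The pass-through flow described in the post, as an added example that is not part of the original post or of Samba: it shows which party holds which secret and how the file server unwraps the RC4-encrypted session keys. The class names, the HMAC stand-in for the real 24-byte response computation, the random session keys and their 16/8-byte sizes, and wrapping both keys in one RC4 pass are assumptions made for illustration.

```python
import hashlib, hmac, os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key schedule
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                            # XOR data with the keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def stand_in_response(pw_hash: bytes, challenge: bytes) -> bytes:
    # ASSUMPTION: placeholder for the protocol's real 24-byte response function.
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()[:24]

class DomainController:
    """Holds the password hashes and the RC4 key shared with the file server."""
    def __init__(self, hashes: dict, channel_key: bytes):
        self.hashes, self.channel_key = hashes, channel_key

    def verify(self, user: str, challenge: bytes, response: bytes):
        pw_hash = self.hashes.get(user)
        if pw_hash is None or len(challenge) != 8 or len(response) != 24:
            return None
        if not hmac.compare_digest(stand_in_response(pw_hash, challenge), response):
            return None
        # Constructed session keys (sizes assumed); sent RC4-wrapped, never in clear.
        nt_key, lm_key = os.urandom(16), os.urandom(8)
        return rc4(self.channel_key, nt_key + lm_key)

class FileServer:
    """Holds no password hashes, only the RC4 key it shares with the DC."""
    def __init__(self, dc: DomainController, channel_key: bytes):
        self.dc, self.channel_key = dc, channel_key

    def new_challenge(self) -> bytes:
        return os.urandom(8)                  # sent to the client in the clear

    def logon(self, user: str, challenge: bytes, response: bytes):
        # Forward user name, challenge and response to the DC unchanged.
        wrapped = self.dc.verify(user, challenge, response)
        if wrapped is None:
            return None
        keys = rc4(self.channel_key, wrapped)
        return keys[:16], keys[16:]           # (NT session key, LM session key)
```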