NTLM Authentication, Part Server / Domain Controller

[Michel777]

Dear members,

in the document http://msdn.microsoft.com/en-us/library/aa378749.aspx# is
described how the NTLM authentication

works. We have our own client (written in java) and a server with api for
autehtication. The server has all the

necessary data for authentication (see below).

The question: how to send

* User name
* Challenge sent to the client
* Response received from the client

to the domain controller ? Is there any libraries (perhaps in java) or is
there a description how to build the

request (http ?).

Thanks in advance,

Michel

 

[S. Pidgorny]

Re: NTLM Authentication, Part Server / Domain Controller

Can you please describe what the server application and the client are?
Some context would help. Without additional info I'd say that JVM will
prompt for credentials.

--
Svyatoslav Pidgorny, MCSE, RHCE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Michel777 wrote:
> Dear members,
>
> in the document http://msdn.microsoft.com/en-us/library/aa378749.aspx# is
> described how the NTLM authentication
>
> works. We have our own client (written in java) and a server with api for
> autehtication. The server has all the
>
> necessary data for authentication (see below).
>
> The question: how to send
>
> * User name
> * Challenge sent to the client
> * Response received from the client
>
> to the domain controller ? Is there any libraries (perhaps in java) or is
> there a description how to build the
>
> request (http ?).
>
> Thanks in advance,
>
> Michel

 

[Michel777]

Re: NTLM Authentication, Part Server / Domain Controller

Client: Java application (self developed) running on Windows XP
Server: Sybase Mobilink Server with Java API for Authentication

Scenario:

(1) User logs on Windows XP and authenticates againts NT-Domain
(2) User starts a Java application
(3) from that Java application will be started the Sybase Mobilink Client
(DB-Synch)
(4) The MobiLink client communicates with the Sybase MobiLink Server via
HTTP(S) and it is possible to send our own data (e.g. username, NT hash
password,...)
(5) Sybase Mobilink Server is a standalone Java Application and has an API
for the Authentication. Th Server is running either on Windows or Linux
Server (not decided yet, but most probably on Linux)
(6) in this API the user have to be authenticated againts the Domain.

There is technically no problem to authenticate the user via LDAP againts
the Domain. BUT: LDAP requires password in cleartext. And it is MUST
requirement toauthenticate WITHOUT requireing password.

Second sceanrio:

(1) user logs on Windows XP locally (because the Xp box is not connected to
the company Network "directly").
(1a) user connects to the company Network via VPN
(2) the same....

The solution should be work in that scenario too.

I hope that helps. Please don't hesitate to ask me for further detail.

Thank you in advance for your support !

Michel





"S. Pidgorny" wrote:

> Can you please describe what the server application and the client are?
> Some context would help. Without additional info I'd say that JVM will
> prompt for credentials.
>
> --
> Svyatoslav Pidgorny, MCSE, RHCE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> Michel777 wrote:
> > Dear members,
> >
> > in the document http://msdn.microsoft.com/en-us/library/aa378749.aspx# is
> > described how the NTLM authentication
> >
> > works. We have our own client (written in java) and a server with api for
> > autehtication. The server has all the
> >
> > necessary data for authentication (see below).
> >
> > The question: how to send
> >
> > * User name
> > * Challenge sent to the client
> > * Response received from the client
> >
> > to the domain controller ? Is there any libraries (perhaps in java) or is
> > there a description how to build the
> >
> > request (http ?).
> >
> > Thanks in advance,
> >
> > Michel
>