Re: SMTP and NTLM

• From: Amir Gheibi <gheibia@xxxxxxxxx>
• To: David Litchfield <david@xxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 11 Nov 2009 06:19:12 +0800

David,

Thanks a lot for the reply.
That's actually the document I was trying to figure out and so far this is
what I've got:


telnet 172.19.120.36 25   (the Exchange server)
ehlo 172.19.120.36
AUTH NTLM 4e544c4d535350000100000007220000060006002000000073767264623031

The hex number is made of the following information:
- NTLMSSP Signature and Type 1 Indicator: (0x4e544c4d53535000 and
0x01000000)
- Flags: (0x07220000)
Negotiate Unicode (0x00000001)
Negotiate OEM (0x00000002)
Request Target (0x00000004)
Negotiate NTLM (0x00000200)
Negotiate Workstation Supplied (0x00002000)
- Supplied Workstation Security Buffer (0x0600060020000000)
Length: 7 bytes (0x0700)
Allocated Space: 7 bytes (0x0700)
Offset: 32 bytes (0x20000000)
- Data section (workstation name "svrdb01"): 73767264623031

But in return I get the "*Authentication unsuccessful*" error.

You might have noticed that there is no information about the Domain.
That's, I think, because the Db Server is not under the same Domain as the
Exchange server. But I'm not sure how to verify that. You see, I'm new to
that network and I'm only handling the DB server.

~Amir

On Wed, Nov 11, 2009 at 6:01 AM, David Litchfield <
david@xxxxxxxxxxxxxxxxxxxx> wrote:

>  I'm using SMTP_UTIL to send emails from inside an Oracle database. It's a
>> 10gR2 running on HP Unix. Currently I'm using "AUTH LOGIN"
>> authentication method. For some reason I need to change the
>> authentication method to "NTLM". I read about NTLM and the way it works.
>> Apparently the server expects 3 encoded responses from the client. But I'm
>> not
>> sure how to implement it in an Oracle Stored Procedure. Does anyone have a
>> sample that I can use? Appreciate it.
>>
>
> A simplistic overview of NTLM goes as follows: During NTLM authentication
> the server issues a 8 byte challenge to the client. This 8 byte challenge is
> encrypted using the user's password hash and passed back to the server.
> You'll need to write code to do this. The document at the following URL
> contains Java code to do this and describes the NTLM auth process in great
> detail, including NTLM auth in SMTP: http://curl.haxx.se/rfc/ntlm.html
> HTH,
> David
>

• Follow-Ups:
  • Re: SMTP and NTLM
    • From: Amir Gheibi
  • Re: SMTP and NTLM
    • From: David Litchfield

• References:
  • SMTP and NTLM
    • From: Amir Gheibi
  • Re: SMTP and NTLM
    • From: David Litchfield

Other related posts:

• » SMTP and NTLM- Amir Gheibi
• » Re: SMTP and NTLM- David Litchfield
• » Re: SMTP and NTLM - Amir Gheibi
• » Re: SMTP and NTLM- Rich Jesse
• » Re: SMTP and NTLM- Amir Gheibi
• » Re: SMTP and NTLM- David Litchfield

1. Home
2. oracle-l
3. Archive
4. 11-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---