Re: SMTP and NTLM

• From: Amir Gheibi <gheibia@xxxxxxxxx>
• To: David Litchfield <david@xxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 11 Nov 2009 06:22:33 +0800

Sorry.. A small mistake in my email:

the hex value is:

4e544c4d535350000100000007220000070007002000000070747064623031

So, basically, the "Supplied Workstation Security Buffer" is:
0x0700070020000000

~Amir

On Wed, Nov 11, 2009 at 6:19 AM, Amir Gheibi <gheibia@xxxxxxxxx> wrote:

> David,
>
> Thanks a lot for the reply.
> That's actually the document I was trying to figure out and so far this is
> what I've got:
>
>
> telnet 172.19.120.36 25   (the Exchange server)
> ehlo 172.19.120.36
> AUTH NTLM 4e544c4d535350000100000007220000060006002000000073767264623031
>
> The hex number is made of the following information:
> - NTLMSSP Signature and Type 1 Indicator: (0x4e544c4d53535000 and
> 0x01000000)
> - Flags: (0x07220000)
> Negotiate Unicode (0x00000001)
> Negotiate OEM (0x00000002)
> Request Target (0x00000004)
> Negotiate NTLM (0x00000200)
> Negotiate Workstation Supplied (0x00002000)
> - Supplied Workstation Security Buffer (0x0600060020000000)
> Length: 7 bytes (0x0700)
> Allocated Space: 7 bytes (0x0700)
> Offset: 32 bytes (0x20000000)
> - Data section (workstation name "svrdb01"): 73767264623031
>
> But in return I get the "*Authentication unsuccessful*" error.
>
> You might have noticed that there is no information about the Domain.
> That's, I think, because the Db Server is not under the same Domain as the
> Exchange server. But I'm not sure how to verify that. You see, I'm new to
> that network and I'm only handling the DB server.
>
> ~Amir
>
> On Wed, Nov 11, 2009 at 6:01 AM, David Litchfield <
> david@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>>  I'm using SMTP_UTIL to send emails from inside an Oracle database. It's a
>>> 10gR2 running on HP Unix. Currently I'm using "AUTH LOGIN"
>>> authentication method. For some reason I need to change the
>>> authentication method to "NTLM". I read about NTLM and the way it works.
>>> Apparently the server expects 3 encoded responses from the client. But
>>> I'm not
>>> sure how to implement it in an Oracle Stored Procedure. Does anyone have
>>> a
>>> sample that I can use? Appreciate it.
>>>
>>
>> A simplistic overview of NTLM goes as follows: During NTLM authentication
>> the server issues a 8 byte challenge to the client. This 8 byte challenge is
>> encrypted using the user's password hash and passed back to the server.
>> You'll need to write code to do this. The document at the following URL
>> contains Java code to do this and describes the NTLM auth process in great
>> detail, including NTLM auth in SMTP: http://curl.haxx.se/rfc/ntlm.html
>> HTH,
>> David
>>
>
>

• References:
  • SMTP and NTLM
    • From: Amir Gheibi
  • Re: SMTP and NTLM
    • From: David Litchfield
  • Re: SMTP and NTLM
    • From: Amir Gheibi

Other related posts:

• » SMTP and NTLM- Amir Gheibi
• » Re: SMTP and NTLM- David Litchfield
• » Re: SMTP and NTLM- Amir Gheibi
• » Re: SMTP and NTLM- Rich Jesse
• » Re: SMTP and NTLM - Amir Gheibi
• » Re: SMTP and NTLM- David Litchfield

1. Home
2. oracle-l
3. Archive
4. 11-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---