When providing a fully specified input to 'ntlm_auth' (Username, NT-Domain, LANMAN-Challenge, NT-Response, Request-User-Session-Key: yes), the returned user session key is invalid (should be HMAC_MD5(ResponseKeyNT, NTProofStr) as in MS-NLMP.pdf 3.3.2. The returned session key varies at every restart of winbindd even using the same input, so some shared data of the winbindd-DC session is involved.
Created attachment 3316 [details] unnecessary encoding of user session key removed Removal of the unnecessary encoding of ntlm user session key.
Created attachment 3320 [details] decrypting the original session key instead of a local copy decrypting the original session key instead of a local copy
Ooops, sorry. Had not looked at this one, sorry. This is the same one as bug 5616 which is fixed. Thanks for the patches, a similar one now went into the tree. Volker