0

as you know NTLM authenticate has following step:

  1. (Interactive authentication only) A user accesses a client computer and provides a domain name, user name, and password. The client computes a cryptographic hash of the password and discards the actual password.

  2. The client sends the user name to the server (in plaintext).

  3. The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client.

  4. The client encrypts this challenge with the hash of the user’s password and returns the result to the server. This is called the response.

  5. The server sends the following three items to the domain controller:

◦User name

◦Challenge sent to the client

◦Response received from the client

  1. The domain controller uses the user name to retrieve the hash of the user’s password from the Security Account Manager database. It uses this password hash to encrypt the challenge.

  2. The domain controller compares the encrypted challenge it computed (in step 6) to the response computed by the client (in step 4). If they are identical, authentication is successful.

my question is how can i send username, challenge, response (step 5) to domain controller to validate it in node.js? i see some library such as express-ntlm and passport-ntlm but these library don't have config to pass certificate to connect to domain controller..

hossein derakhshan
  • 771
  • 2
  • 10
  • 23
  • 1
    This sounds like an [XY Problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). Q: What exactly do you want to do? Do you just want to "authenticate" so that your Node script can access some Windows resource? – paulsm4 Dec 25 '16 at 05:36
  • hi @paulsm4.sry im sorry about bad question..this is my first question in stackoverflow..i done step 1 to 4 and in step 5 i want to send username, Challenge,Response code to domain controller to authenticate but i dont know how can i send it to domain controller.. – hossein derakhshan Dec 25 '16 at 05:48
  • You seem to want to (re)implement NTLM yourself. Unless you absolutely need to - for some reason you're not telling us - *DON'T*!!! Consider a library like this: [Is it possible to use Windows integrated auth without IIS?](http://stackoverflow.com/questions/36505009/is-it-possible-to-use-windows-integrated-auth-without-iis). Or consider just shelling out a "net use" command in your Node.JS script. – paulsm4 Dec 25 '16 at 06:35
  • thank you @paulsm4 for you're answer but those library such as express-ntlm and node-sspi dont have config to pass certificate to connect to domain controller and i need to pass certificate..actually i cant connect to my domain controller without certificate (because of security reason) thats why i have to re(impelement) NTLM.. do you know any information or reference to authenticate with NTLM method (username, chalange, reponse) with "net" command? – hossein derakhshan Dec 25 '16 at 09:10
  • 1
    I still think you're making this a lot harder on yourself than it needs to be :( But please check these links: [Kerberos authentication in Node.js](http://stackoverflow.com/questions/20098912/kerberos-authentication-in-node-js-https-get-or-https-request), https://nodejs.org/api/tls.html, [Windows Integrated Authentication in node.js Client](http://stackoverflow.com/questions/13949163/windows-integrated-authentication-in-node-js-client) – paulsm4 Dec 25 '16 at 18:33

0 Answers0