Windows network authentication: the NTLM protocol, a challenge/response-based authentication scheme

Table of contents

1. What is the NTLM protocol

2. The concept of computer group

3. Authentication process

3.1. Negotiation

3.2. Challenge

3.3. Verification


1. What is the NTLM protocol

Computers in a workgroup cannot establish a trust relationship with one another; they can only exchange information peer to peer.

If host A wants to access resources on host B, it must present to host B an account that exists on host B. Host B verifies that account locally, and if verification succeeds, host A is allowed the corresponding access. The protocol used for this network authentication is the NTLM protocol.

2. The concept of computer group

In a large organization there may be hundreds or thousands of computers connected into a local area network, and all of them are listed under "Network" (My Network Places). If these computers were not grouped, the resulting clutter is easy to imagine. The concept of the workgroup (Work Group) was introduced to solve this problem: computers are placed into different workgroups according to their function (or department). For example, all computers of the technical department go into the "technical department" workgroup and all computers of the administrative department into the "administrative department" workgroup. To reach a department's resources, you simply double-click that department's workgroup name under "Network" and see all of its computers. This is far more orderly than an ungrouped network, especially on a large LAN.

3. Authentication process

The NTLM protocol is a challenge/response-based authentication mechanism and a Windows-only network authentication protocol. It consists of three main steps: negotiation, challenge and verification.

3.1. Negotiation

This step exists for backward compatibility: the two sides agree on details such as the version of the protocol to be used.

3.2. Challenge

This is the main authentication step.

a. First, the client sends a username to the server; this must be a user that exists on the server.

b. When the server receives the request, it checks whether the username exists locally. If it does, the server generates a 16-bit challenge value, uses the password stored in the SAM for that user to NTLM-encrypt the challenge, producing challenge1, and sends the challenge to the client.

c. After the client receives the challenge, it encrypts it on the client side, obtains a response value, and sends that response to the server.

d. The server receives the response; if it equals challenge1, verification succeeds.

In summary: the server generates a random number, and both parties use this random number together with the password to compute an encrypted value. If the two values match, verification succeeds.
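The exchange above, written out as an added simulation that is not part of the original post. The stored credential, the key derivation and the use of SHA-256 in place of NTLM's MD4-based NT hash are simplifications of this example, labelled in the comments; the point it shows is that the password itself never crosses the wire and that a response is bound to one challenge.

```python
# Added example (not from the original post): a simulation of the three-step
# NTLM challenge/response exchange described in section 3.2.
import hashlib
import hmac
import os

def nt_hash(password: str) -> bytes:
    """The SAM stores a hash, never the password. Real NTLM uses MD4 over the
    UTF-16LE password; MD4 is often absent from hashlib, so SHA-256 stands in
    here (an assumption of this example, not the real NT hash)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def compute_response(stored_hash: bytes, challenge: bytes) -> bytes:
    """Keyed function of the challenge. NTLMv2 uses HMAC-MD5 keyed from the NT
    hash; the intermediate key derivation is omitted (simplification)."""
    return hmac.new(stored_hash, challenge, hashlib.md5).digest()

# Constructed sample SAM: username -> stored hash. The plaintext password is
# used only to build the sample; the server functions below never see it.
SAM = {"alice": nt_hash("correct horse battery")}

def new_challenge() -> bytes:
    """Step b: a fresh random 8-byte (16 hex digit) challenge per attempt."""
    return os.urandom(8)

def server_verify(username: str, challenge: bytes, response: bytes) -> bool:
    """Steps b and d: recompute challenge1 from the stored hash and compare.
    compare_digest avoids leaking the match position through timing."""
    stored = SAM.get(username)
    if stored is None:
        return False
    expected = compute_response(stored, challenge)
    return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: bytes) -> bytes:
    """Step c: the client derives the same hash from its password and
    answers the challenge; the password never crosses the wire."""
    return compute_response(nt_hash(password), challenge)

def authenticate(username: str, password: str, challenge: bytes) -> bool:
    """Whole exchange, with an explicit challenge so runs are reproducible."""
    return server_verify(username, challenge, client_response(password, challenge))

if __name__ == "__main__":
    c = new_challenge()
    print(authenticate("alice", "correct horse battery", c))  # True
    print(authenticate("alice", "wrong password", c))          # False
    # A response computed for one challenge does not verify against a fresh one:
    r = client_response("correct horse battery", c)
    print(server_verify("alice", new_challenge(), r))         # False
```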

3.3. Verification

Here the final result of the challenge step is checked, and once the check passes the client is granted access to the resource.

Origin blog.csdn.net/hmysn/article/details/128521847