I am trying to create an SSO in a Windows domain using NTLM and no server modules, with an Apache2 server on a Linux machine which is not in the Windows domain. I don't know if this is even possible, but I'll show you what I've figured out and what I need to know next.
Okay, first I turned on the options so that my browser (IE and FF) sends the Authorization header with the NTLM data (message type 1). This works; I get a string like:
NTLMSSP²¢1 (±USERS-PCDOMAIN
But what's next? I have to send this string to the server where my AD is running, right? My server is known as SERVER1.DOMAIN and has the IP 192.168.1.14.
With which protocol and in which way can I now send the Message Type 1 to my AD server to get the NTLM challenge message (type 2) back?
I guess I'll have to write something like this:
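<?php
// Request headers sent by the browser, including "Authorization: NTLM ..."
$headers = getallheaders();

// Open a TCP connection to the AD server
$fp = fsockopen("192.168.1.14", 80 /* <--- which port? */, $errno, $errstr, 30);
if (!$fp) {
    die("$errstr ($errno)");
}

// Forward the Type 1 message as received from the browser
fwrite($fp, $headers['Authorization'] . "\n");

// Read whatever the server sends back
$ntlmChallengeData = '';
while (!feof($fp)) {
    $ntlmChallengeData .= fgets($fp, 128);
}
fclose($fp);

var_dump($ntlmChallengeData); // The challenge data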
But on which port does the Windows Server respond to my NTLM data?
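
The header value the browser sends is a base64-encoded NTLM Type 1 (Negotiate) message, and the string shown in the question is its decoded form. The PHP below is an added example, not code from the original post: it validates and parses such a header following the publicly documented NTLMSSP negotiate layout. The function names and the sample message are constructed for illustration.

```php
<?php
// Added example: parse an NTLM Type 1 (Negotiate) message from an Authorization header.
const NTLM_FLAG_DOMAIN_SUPPLIED      = 0x00001000; // OEM domain name is present
const NTLM_FLAG_WORKSTATION_SUPPLIED = 0x00002000; // OEM workstation name is present

// Hypothetical helper: read one security buffer
// (uint16 length, uint16 allocated, uint32 offset, all little-endian).
function read_security_buffer(string $msg, int $pos): string
{
    if (strlen($msg) < $pos + 8) {
        throw new InvalidArgumentException("truncated security buffer at $pos");
    }
    $b = unpack('vlen/valloc/Voffset', $msg, $pos);
    if ($b['offset'] + $b['len'] > strlen($msg)) {
        throw new InvalidArgumentException('security buffer points outside the message');
    }
    return substr($msg, $b['offset'], $b['len']);
}

function parse_ntlm_type1(string $authorization): array
{
    if (!preg_match('/^NTLM\s+([A-Za-z0-9+\/=]+)$/', trim($authorization), $m)) {
        throw new InvalidArgumentException('not an NTLM Authorization header');
    }
    $msg = base64_decode($m[1], true);
    if ($msg === false || strlen($msg) < 16 || substr($msg, 0, 8) !== "NTLMSSP\0") {
        throw new InvalidArgumentException('missing NTLMSSP signature');
    }
    $h = unpack('Vtype/Vflags', $msg, 8);
    if ($h['type'] !== 1) {
        throw new InvalidArgumentException("expected message type 1, got {$h['type']}");
    }
    $out = ['flags' => $h['flags'], 'domain' => '', 'workstation' => ''];
    if ($h['flags'] & NTLM_FLAG_DOMAIN_SUPPLIED) {
        $out['domain'] = read_security_buffer($msg, 16);
    }
    if ($h['flags'] & NTLM_FLAG_WORKSTATION_SUPPLIED) {
        $out['workstation'] = read_security_buffer($msg, 24);
    }
    return $out;
}

// Constructed sample: 32-byte header, then workstation "USERS-PC" and domain "DOMAIN".
$sample = "NTLMSSP\0" . pack('VV', 1, 0x00003207)
        . pack('vvV', 6, 6, 40)   // domain buffer: 6 bytes at offset 40
        . pack('vvV', 8, 8, 32)   // workstation buffer: 8 bytes at offset 32
        . 'USERS-PC' . 'DOMAIN';
print_r(parse_ntlm_type1('NTLM ' . base64_encode($sample)));
```

The domain and workstation names in a Type 1 message are supplied by the client and are not authenticated, so they are hints only and must not drive access decisions.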