4.1 NTLM Pass-Through Authentication

Figure 2: NTLM pass-through authentication

  1. The user logs on to the computer desktop (labeled Client) by typing in the user name and password. To authenticate to the server, the client sends an NTLM NEGOTIATE_MESSAGE ([MS-NLMP] section 2.2.1.1).

  2. The server sends an NTLM CHALLENGE_MESSAGE ([MS-NLMP] section 2.2.1.2) to the client.

  3. The client computes a response over the challenge, keyed with the NT hash derived from the user's password (for NTLMv2 an HMAC-MD5 that also covers a client-generated nonce and timestamp), and sends it in an NTLM AUTHENTICATE_MESSAGE ([MS-NLMP] section 2.2.1.3) to the server. The password itself is never transmitted.

  4. The server does not hold the user's NT hash and therefore cannot check the response itself. It forwards the response, together with the challenge it issued, to the domain controller in a NETLOGON_NETWORK_INFO structure ([MS-NRPC]) over its Netlogon secure channel.

  5. The domain controller recomputes the expected response from the NT hash stored for the account and compares it with the forwarded response, then returns the result to the server in a NETLOGON_VALIDATION_SAM_INFO4 structure ([MS-NRPC]). If verification succeeds, the structure carries the user's authorization data (user and group SIDs, the same information a Kerberos PAC conveys) and the session key the server uses for subsequent NTLM signing and sealing. If verification fails, logon is denied.
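The five steps above, modeled in Python as an added example that is not part of this page or of any Microsoft implementation. It assumes NTLMv2 ([MS-NLMP] section 3.3.2: NTOWFv2 and the NTLMv2 response) and reduces the three roles to plain functions: the NLMP and Netlogon wire encodings are replaced by dicts, the server's secure-channel call to the DC by a direct function call, and the DC's account database by a constructed dict holding one NT hash. Field names such as `ServerChallenge`, `NtChallengeResponse`, `LmChallenge`, `EffectiveName`, `GroupIds` and `UserSessionKey` are taken from the [MS-NLMP]/[MS-NRPC] structures; the function names (`run_logon`, `server_pass_through`, `dc_validate`, `ACCOUNTS`) and the account data are illustrative. MD4 is implemented inline because hashlib's MD4 is unavailable on many OpenSSL 3 builds.

```python
"""Toy model of NTLMv2 pass-through authentication (Client -> Server -> DC).

Added illustration, not code from the page or from Microsoft. The NLMP/NRPC wire
encodings and the Netlogon secure channel are not modeled: dicts stand in for the
messages and the server's call to the DC is a direct function call.
Crypto follows [MS-NLMP] 3.3.2 (NTOWFv2 / NTLMv2 response)."""
import hashlib
import hmac
import os
import struct
import time

MASK32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is missing on many OpenSSL 3 builds."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK32
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for k, s in zip(range(16), [3, 7, 11, 19] * 4):
            a, b, c, d = d, rotl((a + f(b, c, d) + X[k]) & MASK32, s), b, c
        for k, s in zip([0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], [3, 5, 9, 13] * 4):
            a, b, c, d = d, rotl((a + g(b, c, d) + X[k] + 0x5A827999) & MASK32, s), b, c
        for k, s in zip([0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], [3, 9, 11, 15] * 4):
            a, b, c, d = d, rotl((a + h(b, c, d) + X[k] + 0x6ED9EBA1) & MASK32, s), b, c
        A, B, C, D = (A + a) & MASK32, (B + b) & MASK32, (C + c) & MASK32, (D + d) & MASK32
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password. This is what the DC stores per account;
    the password itself never leaves the client."""
    return md4(password.encode("utf-16le"))


def ntowf_v2(nt_hash_: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UNICODE(uppercase(user) + domain))."""
    return hmac.new(nt_hash_, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def av_pair(av_id: int, value: bytes) -> bytes:
    """One AV_PAIR of the CHALLENGE_MESSAGE TargetInfo (AvId, AvLen, Value)."""
    return struct.pack("<HH", av_id, len(value)) + value


# Step 2: the server issues an 8-byte random ServerChallenge plus TargetInfo.
def server_challenge_message(domain: str) -> dict:
    target_info = av_pair(2, domain.encode("utf-16le")) + av_pair(0, b"")  # MsvAvNbDomainName, MsvAvEOL
    return {"ServerChallenge": os.urandom(8), "TargetInfo": target_info}


# Step 3: the client keys an HMAC over the server challenge, a timestamp and its own nonce.
def client_authenticate_message(password: str, user: str, domain: str, challenge: dict):
    key = ntowf_v2(nt_hash(password), user, domain)
    filetime = int((time.time() + 11644473600) * 10_000_000)  # Windows FILETIME
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", filetime) + os.urandom(8)
            + b"\x00" * 4 + challenge["TargetInfo"] + b"\x00" * 4)
    proof = hmac.new(key, challenge["ServerChallenge"] + temp, hashlib.md5).digest()
    session_base_key = hmac.new(key, proof, hashlib.md5).digest()  # kept locally, never sent
    msg = {"UserName": user, "DomainName": domain, "NtChallengeResponse": proof + temp}
    return msg, session_base_key


# Step 5: the DC recomputes the proof from the stored NT hash; the server cannot.
def dc_validate(account_db: dict, logon: dict):
    account = account_db.get((logon["DomainName"].upper(), logon["UserName"].upper()))
    if account is None:
        return None  # unknown account
    key = ntowf_v2(account["nt_hash"], logon["UserName"], logon["DomainName"])
    proof, temp = logon["NtChallengeResponse"][:16], logon["NtChallengeResponse"][16:]
    expected = hmac.new(key, logon["LmChallenge"] + temp, hashlib.md5).digest()
    if not hmac.compare_digest(proof, expected):
        return None  # wrong password, or a response bound to a different challenge
    # Stand-in for NETLOGON_VALIDATION_SAM_INFO4: authorization data plus session key.
    return {"EffectiveName": logon["UserName"], "GroupIds": list(account["groups"]),
            "UserSessionKey": hmac.new(key, proof, hashlib.md5).digest()}


# Step 4: the server forwards the response together with ITS challenge (NETLOGON_NETWORK_INFO).
def server_pass_through(account_db: dict, challenge: dict, auth: dict):
    logon = {"LmChallenge": challenge["ServerChallenge"], **auth}
    return dc_validate(account_db, logon)


def run_logon(account_db: dict, password: str, user: str, domain: str):
    """Drive steps 2-5 end to end; returns (DC validation result or None, client's key)."""
    challenge = server_challenge_message(domain)
    auth, client_key = client_authenticate_message(password, user, domain, challenge)
    return server_pass_through(account_db, challenge, auth), client_key


# Constructed account database: what the DC holds for CONTOSO\alice (hypothetical account).
ACCOUNTS = {("CONTOSO", "ALICE"): {"nt_hash": nt_hash("password"), "groups": [513, 1105]}}

if __name__ == "__main__":
    result, client_key = run_logon(ACCOUNTS, "password", "alice", "CONTOSO")
    print("validated:", result is not None, "keys match:", result and result["UserSessionKey"] == client_key)
    print("wrong password:", run_logon(ACCOUNTS, "letmein", "alice", "CONTOSO")[0])
```

Two properties of the real protocol are visible in the model: the server only ever relays, since it lacks the NT hash needed to recompute the proof, and the proof is bound to the specific ServerChallenge the server forwards as LmChallenge, so a captured AUTHENTICATE_MESSAGE replayed against a fresh challenge is rejected by the DC. The session key derived on the client equals the UserSessionKey the DC hands back to the server only when validation succeeds.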