NTLM Authentication

Drawing
NTLM Authentication flow
  • Client to Application Server (Negotiation Message): The client sends a negotiation message containing the username to the application server.

  • Application Server to Client (Challenge Message): The application server responds with a challenge message that includes a random number (nonce).

  • Client to Application Server (Authentication Message): The client uses the received random number to compute an NTLM hash and sends an authentication message back to the application server containing the NTLM hash.

  • Application Server to Domain Controller (Verify Message): The application server forwards the random number (nonce), username, and NTLM hash to the domain controller to verify the credentials.

  • Domain Controller to Application Server (Approve Message): The domain controller checks the NTLM hash and responds to the application server with an approve or deny message based on the authentication outcome.

  • Application Server to Client: The application server informs the client whether the authentication was successful (approve) or unsuccessful (deny).

Last updated