4.1 NTLM Pass-Through Authentication
Figure 2: NTLM pass-through authentication
The user logs on to the computer desktop (labeled Client) by typing in the user name and password. Client sends an NTLM NEGOTIATE_MESSAGE ([MS-NLMP] section 184.108.40.206) to request authentication to the server.
The server sends an NTLM CHALLENGE_MESSAGE ([MS-NLMP] section 220.127.116.11) to the client.
The client responds to the challenge by signing it with its key and sending the response in an NTLM AUTHENTICATE_MESSAGE ([MS-NLMP] section 18.104.22.168) to the server.
The server forwards the client's response to the domain controller in a NETLOGON_NETWORK_INFO message.
The domain controller verifies the signature on the response, and returns the result to the server in a NETLOGON_VALIDATION_SAM_INFO4 message. If the verification is successful, the message contains the user's PAC with the authorization data. If the verification is unsuccessful, logon is denied.