FW: [Samba] NTLMv2 in Samba 3.0

Stefan Metzmacher stefan.metzmacher at metzemix.de
Thu Nov 6 12:05:25 GMT 2003 

Chu, Dan [IT] wrote:

>Dear Samba Gurus,
>I posted below question yesterday to the general audience without getting any feedback. Hope some of you could shed a light here as we are required to use NTLMv2 for Samba user authentication. 
>
>Thanks a lot in advance.
>Dan 
>
>-----Original Message-----
>From: Chu, Dan [IT] 
>Sent: Thursday, October 23, 2003 4:54 PM
>To: 'samba at lists.samba.org'
>Subject: [Samba] NTLMv2 in Samba 3.0
>
>
>Hello,
>Has anyone successfully configured Samba 3.0 to authenticate using NTLMv2
>only? I have below entry in smb.conf:
>password server = <domain controller>
>
>to use domain controller for user authentication and DC is configured with
>Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2). So
>far I got: "System error 1326 has occurred.
>Logon failure: unknown user name or bad password." errors. 
>
>I am not sure what option(s) to use in the smb.conf file to make it work. My
>understanding is that Samba 3.0 defaults to NTLMv2 if password server is
>configured to accept NTLMv2. 
>
>Thanks a lot in advance.
>Dan 
>  
>
I don't know if this is related to this problem, but I noticed that

my win XP box doesn't connect to a samba 3.0.0 server if I set the regkey

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000000

to 3,4 or 5 I got an error on the client "Server doesn't support this 
feature" or something like that...

0|LM- und NTLM-Anworten senden
1|LM- und NTLM-Antworten senden (NTLMv2-Sitzungssicherheit verwenden, 
wenn ausgehandelt)
2|Nur NTLM-Antworten senden
3|Nur NTLMv2-Antworten senden
4|Nur NTLMv2-Antworten senden\LM verweigern
5|Nur NTLMv2-Antworten senden\LM & NTLM verweigern

If I apply this patch it works, but then it doesn't work with the 
settings 0,1,2...

Does anyone knows how a windows server does this?

maybe a 'server NTLMv2' options is needed for this...

Index: libsmb/ntlmssp.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/ntlmssp.c,v
retrieving revision 1.4.2.23
diff -u -r1.4.2.23 ntlmssp.c
--- libsmb/ntlmssp.c    16 Sep 2003 01:27:46 -0000      1.4.2.23
+++ libsmb/ntlmssp.c    6 Nov 2003 12:02:46 -0000
@@ -159,8 +159,9 @@
           return the flags we want. Obviously this is not correct */

        chal_flags =
-               NTLMSSP_NEGOTIATE_128 |
-               NTLMSSP_NEGOTIATE_NTLM;
+               NTLMSSP_NEGOTIATE_128 |
+               NTLMSSP_NEGOTIATE_NTLM |
+               NTLMSSP_NEGOTIATE_NTLM2;

        if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) {
                chal_flags |= NTLMSSP_NEGOTIATE_UNICODE;

More information about the samba-technical mailing list