>From e78c05eab18c84df50b21cab3dda87bbbd4ae490 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 22 Jun 2017 11:16:38 -0700
Subject: [PATCH] auth: ntlmssp: The Apple MacOS Sierra SMB2 server has a bug,
 it only supports NTLMv2 but doesn't correctly negotiate it.

Windows clients work around this by forcing an attempt to use NTLMv2 if the server
claims not to support it. Add a tunable - "ntlmssp_client:force ntlmv2" (default
false) to allow libsmbclient/smbclient to behave the same way and connect to
the Apple server.

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 auth/ntlmssp/ntlmssp_client.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 5edd5f4fce6..9bc2481b2ed 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -267,6 +267,18 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 
 	data_blob_free(&server_domain_blob);
 
+	if (ntlmssp_state->use_ntlmv2 &&
+			gensec_setting_bool(gensec_security->settings,
+					"ntlmssp_client",
+					"force ntlmv2",
+					false)) {
+		if (!(chal_flags |= NTLMSSP_NEGOTIATE_NTLM2)) {
+			DBG_NOTICE("NTLMSSP: ntlmv2 not negotiated - "
+				"forcing ntlmv2 on:\n");
+			chal_flags |= NTLMSSP_NEGOTIATE_NTLM2;
+		}
+	}
+
 	DEBUG(3, ("Got challenge flags:\n"));
 	debug_ntlmssp_flags(chal_flags);
 
-- 
2.11.0