[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8
Jeff Layton
jlayton at samba.org
Wed Apr 14 07:33:16 MDT 2010
On Wed, 14 Apr 2010 08:26:46 -0500
Steve French <smfrench at gmail.com> wrote:
> On Wed, Apr 14, 2010 at 7:29 AM, Jeff Layton <jlayton at samba.org> wrote:
> > On Wed, 14 Apr 2010 09:01:32 +1000
> > Andrew Bartlett <abartlet at samba.org> wrote:
> >
> >> On Sun, 2010-04-11 at 19:40 -0400, Jeff Layton wrote:
> >>
> >> > I don't think that's right. CIFS_SESS_KEY_SIZE is 24 bytes. According
> >> > to the MS-NLMP document, the session key should be 16 bytes. The
> >> > signing key is different with NTLMSSP than with "raw" NTLM and NTLMv2.
> >>
> >> So, with NTLMSSP the 24 byte (actually variable, it is much lager for
> >> NTLMv2) response is not included in the MAC calculation - just use the
> >> 16 bytes session key only.
> >>
> >> Andrew Bartlett
> >>
> >
> > That was it! I was putting the right key into the NTLMSSP response, but
> > was leaving the saved key used for signing as a 40-byte key. When I
> > limit the key length to 16 then signing works correctly.
> >
> > I'll need to clean up the code a bit, but will post a patch to fix this
> > soon.
>
> Awesome (especially since this was not intuitive).
>
> Thoughts about whether this belongs in this late rc (I lean toward yes)?
>
>
I lean toward no, as this code is marked experimental.
--
Jeff Layton <jlayton at samba.org>
More information about the linux-cifs-client
mailing list