Jim McDonough jmcd at us.ibm.com
Tue Aug 27 11:49:00 GMT 2002

>It looks like the recent changes to 'correct' NTLMSSP have broken NTLMv2
>in some way - Probably in much the same way that we suddenly got LM
>based session keys once we got the rest correct.
Works fine for me, but I'm the first to admit I'm not sure how to verify
I'm really using NTLMv2.  The samba logs seem to indicate it, and I set it
in my security policy (and it's the effective policy).

>In particular, it seems that the feilds in the NTLMSSP challange packet
>may have been re-ordered (Netbios name, domain name etc).
Reordering doesn't matter (though Samba generates the same order my win2k
systems do) because each address has a tag to identify what type it is.

>Can you give this a look, and try out NTLMv2 to a Samba PDC?
At first glance, mine works...let me know how to properly verify it...

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at us.ibm.com
jmcd at samba.org

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list