NTLMv2 support for NT4 and Win2k Clients
abartlet at pcug.org.au
Sat May 25 23:29:02 GMT 2002
Just a quick note:
I finally got around to testing NTLMv2 support for NT and Win2k
clients. The basic news is that it works. The restrictions are that
for win2k it must be run with the 'use spnego = false' smb.conf option.
(Without this Win2k will attempt to use NTLMSSP, where we don't yet know
how to specify NTLMv2 support correctly).
I also don't expect password changes to work, due to the same issue with
NTLMSSP on the pipes.
However, for basic applications, this is functional.
Note: further work needs to be done on samba's server end, currently it
does not verify all the data, and therefore still permits MITM attacks.
Secondly, we need to port the NTLMv2 support for the *client* end across
from TNG (where we got the server end).
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical