NTLMv2 support for NT4 and Win2k Clients

Andrew Bartlett abartlet at pcug.org.au
Sat May 25 23:29:02 GMT 2002

Just a quick note:

I finally got around to testing NTLMv2 support for NT and Win2k
clients.  The basic news is that it works.  The restrictions are that
for win2k it must be run with the 'use spnego = false' smb.conf option. 
(Without this Win2k will attempt to use NTLMSSP, where we don't yet know
how to specify NTLMv2 support correctly).

I also don't expect password changes to work, due to the same issue with
NTLMSSP on the pipes.  

However, for basic applications, this is functional.

Note: further work needs to be done on samba's server end, currently it
does not verify all the data, and therefore still permits MITM attacks. 
Secondly, we need to port the NTLMv2 support for the *client* end across
from TNG (where we got the server end).

Andrew Bartlett
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list