"NTLMv2 Response (Only)" yields Unicode password length of 78

Ken Cross kcross at nssolutions.com
Fri Apr 11 13:43:44 GMT 2003 

A little more detail.  To get the NTLMv2 to fail, the client was set
with the following registry parameters:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000003

0x3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication,
use NTLMv2 session security if the server supports it. Domain
controllers accept LM, NTLM and NTLMv2 authentication.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00080000

0x80000 - NTLMv2 session security. If either NtlmMinClientSec or
NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2
session security is not negotiated.

After these were set, the client had to be rebooted to take effect.
When it came back up, we were able to successfully map a share from a
Windows XP machine and a Win2k server, but were unable to authenticate
with Samba.

Hope this helps.

Ken
________________________________

Ken Cross

Network Storage Solutions
Phone 865.675.4070 ext 31
kcross at nssolutions.com 

> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze at metzemix.de] 
> Sent: Thursday, April 10, 2003 11:14 PM
> To: Ken Cross; 'Andrew Bartlett'
> Cc: 'Christopher R. Hertel'
> Subject: RE: "NTLMv2 Response (Only)" yields Unicode password 
> length of 78
> 
> 
> At 22:58 10.04.2003 -0400, Ken Cross wrote:
> >[2003/04/10 13:58:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
> >   Got NTLMSSP neg_flags=0xc008b297
> >     NTLMSSP_NEGOTIATE_UNICODE
> >     NTLMSSP_NEGOTIATE_OEM
> >     NTLMSSP_REQUEST_TARGET
> >     NTLMSSP_NEGOTIATE_SIGN
> >     NTLMSSP_NEGOTIATE_LM_KEY
> >     NTLMSSP_NEGOTIATE_NTLM
> >     NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
> >     NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED
> >     NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> 
> maybe its because the client wants ALWAYS_SIGN
> and we didn't support that for now
> 
> >     NTLMSSP_NEGOTIATE_NTLM2
> >     NTLMSSP_NEGOTIATE_KEY_EXCH
> >[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
> >   auth_get_challenge: module guest did not want to specify 
> a challenge 
> >[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(67)
> >   auth_get_challenge: module sam did not want to specify a 
> challenge 
> >[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(106)
> >   auth_context challenge created by random
> >[2003/04/10 13:58:25, 5] auth/auth.c:get_ntlm_challenge(107)
> >   challenge is:
> >[2003/04/10 13:58:25, 3] smbd/process.c:timeout_processing(1095)
> >   end of file from client
> 
> 
> metze
> --------------------------------------------------------------
> ---------------
> Stefan "metze" Metzmacher <metze at metzemix.de> 
>

More information about the samba-technical mailing list