NTLMv2 in NTLMSSP does not work
Chere Zhou
qzhou at isilon.com
Sat May 17 00:06:40 GMT 2003
Hi, Andrew & Samba Team,
I remember you know a lot about NTLMSSP and NTLMv2. It does not seem to work
looking at the network trace. I thought NTLMv2 is supported.
I have Samba 3.0 joined a win2k domain, and a client WinXP box configured to
do NTLMv2 only.
Ok, here is how it goes. I set on the XP client
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000003
I can successfully connect to a samba share. However, looking at the network
trace, it goes like
client say: ntlm=1, ntlmv2=1, etc...
server: ntlm=1, ntlmv2=0, ntlm challenge = blah
client say: ntlm=1, ntlmv2=0, security blob = blah
server: success.
If I also set on the XP client
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00080000
which means "the connection does not succeed if NTLM 2 session security is
not negotiated" according to Microsoft kb239869, I got 'the network request
is not supported.' at the XP client. Network trace looks like
client say: ntlm=1, ntlmv2=1, etc...
server: ntlm=1, ntlmv2=0, ntlm challenge = blah
client say: ntlm=1, ntlmv2=1,
server: ntlm=1, ntlmv2=0, ntlm challenge = blah
Then the client just gives back the not supported error.
I can provide the actual traces if whoever want to have a look. Joining an
ADS or NT4 domain does not make a difference. I need this to work. If you
do not have time to do this, please give me a hint of where to look. Thanks
a lot.
Chere
More information about the samba-technical
mailing list