FW: [Samba] NTLMv2 in Samba 3.0

Chu, Dan dan.chu at citigroup.com
Wed Feb 11 19:54:41 GMT 2004

I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
3.0.1). It still doesn't seem to work. Has anyone successfully made
NTLMv2 work? If so, can I have a working sample of the smb.conf file? 
I have included below entries in my smb.conf (among other entries):
security = server
password server = NTDomainController
client ntlmv2 auth = yes

On both NTDomainController and W2k client, I have Imcompatibilitylevel
set to 3 or 5 from the Registry Editor for LSA. I just cannot map a
drive from W2k client to the Samba server running Solaris 8. Can someone
help out, please?

Thanks a lot in advance.

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Thursday, November 06, 2003 2:21 PM
To: Jeremy Allison
Cc: Stefan Metzmacher; samba-technical at lists.samba.org; Chu, Dan [IT]
Subject: Re: FW: [Samba] NTLMv2 in Samba 3.0

On Thu, Nov 06, 2003 at 07:06:58PM +0000, Jeremy Allison wrote:
> On Thu, Nov 06, 2003 at 01:29:08PM +0100, Stefan Metzmacher wrote:
> > 
> > This is because we doesn't support NTLM2 Session Response.with value
> > http://davenport.sourceforge.net/ntlm.html#theNtlm2SessionResponse
> Ok, can you explain this a little more please ? It'd be nice
> to get this fixed for 3.0.1.

The code in libsmb/ntlmssp.c:ntlmssp_client_challenge() needs to be
translated for server-side use in ntlmssp_server_auth().  Note that we
are probably going to need to add some fancy logic, if you want
'security=server' to still work, as you will need to change the
'challenge' being submitted to the auth backend.

Andrew Bartlett

More information about the samba-technical mailing list