Samba 3.0.21 & NTLMSSP with NTLMv2

Andrew Bartlett abartlet at samba.org
Fri Feb 3 22:15:13 GMT 2006


On Fri, 2006-02-03 at 09:06 -0800, Jeremy Allison wrote:
> On Fri, Feb 03, 2006 at 11:34:29AM +0300, Jet Info wrote:
> > Hi, Andrew & Samba Team!   
> >    
> > I read the archive of samba-technical posted on May 17 00:06:40 GMT 2003 (link  
> > http://lists.samba.org/archive/samba-technical/2003-May/029542.html) and I have  
> > same problem:  
> > If I configure my Domain to "use NTLMv2 only, refuse LM&NTLM" and configure samba  
> > to use NTLMv2 (client NTLMv2 auth = Yes client lanman auth = No), I can  
> > successfully connect to a samba share.  
> > But if I also configure XP client  
> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]  
> > "NtlmMinClientSec"=dword:00080000 - "Minimum session security for NTLMSSP based  
> > (including secure RPC) clients - require NTLMv2 session security. I got 'the  
> > network request is not supported.' at the XP client  
> > Does new Samba version support NTLMv2 in NTLMSSP? 
> > If not, Is it planned to include this option in future?  
> 
> Samba 3.0.21a and b support NTLMv2 in NTLMSSP (based on the
> hard work of Andrew Bartlett !).

Please try that version, and let me know.  Also avoid any 'username
map', and use it from a domain logon context, for best results.

The issues with NTLMv2 are often due to a checksum over the exact form
of the username and domain.  We may need to be more careful.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060204/2252f94d/attachment.bin


More information about the samba-technical mailing list