Getting Wine to do NTLMSSP authentication and what is needed on the Samba side

Jeremy Allison jra at
Mon Jul 3 16:17:22 GMT 2006

On Sun, Jul 02, 2006 at 09:18:56PM +0200, Kai Blin wrote:
> 2) Scratch the current approach using GENSEC and add handling of NTLMSSP blobs 
> to winbind. This would possibly go into Samba 3, and thus be part of a 
> distribution's Samba package sooner. It would also mean that there is a nice 
> IPC border between the GPL and the LGPL code, so no problems there. I would 
> need to rewrite that part of Wine yet again, though.

This is the quickest way to make this work (IMHO).

> 3) Extend ntlm_auth to also handle signing/sealing and extend the current Wine 
> code to use ntlm_auth for that, too. This would also keep the GPL and LGPL 
> code seperate and force me to ditch my current work, but at least I can keep 
> the stuff I did last year. It would add bloat to ntlm_auth, of course.

Probably second best solution.

> 4) I could drop using Samba at all and try to extend libntlm[2]. I don't 
> particularly fancy this idea, but there's a couple of people on the Wine side 
> who would prefer not to add another dependency to Wine, so it might be easier 
> to convince Alexandre Julliard to accept that code. I would again mean to 
> rewrite all the Wine code I wrote so far, plus it smells of reinventing (and 
> maintaining) the wheel.

I looked at libntlm - currently it doesn't correctly handle unicode
(it does what Samba 1.x or was it 2.x used to do, add zero byes
every other byte) so this will be a long long road to walk....


More information about the samba-technical mailing list