Patch for 4365?
Andrew Bartlett
abartlet at samba.org
Thu Mar 1 21:21:08 GMT 2007
On Thu, 2007-03-01 at 07:57 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Volker Lendecke wrote:
> > Hi, Jerry!
> >
> > I'm behind a bad network -- the attached patch fixes #4365
> > for me. Can you upload that to the bug?
> >
> > The problem is that Vista for me did the ntlmv2 calculations
> > based on the lower-case domain and we were sending upper
> > case in the samlogon request.
> >
> > Potential 3.0.25 one, but this needs very thorough review
> > and test with other situations.
>
> Follow up from current bugzilla day chat on #samba-technical:
>
> (7:52:37 AM) coffeedude: vl: so when we do the NTLMv2
> conversation for the samlogon request we should
> use the client's domain and not lp_workgoup()?
> I thought those should be the same here.
>
> (7:53:54 AM) vl: coffeedude: I looked at the samlogon packet,
> and we were sending uppercase without winbind
> and lowercase from within winbind.
> (7:54:20 AM) vl: And the cli_domain contained the lowercase one,
> so I just changed that and it worked.
>
> (7:55:12 AM) coffeedude: vl: WT...? That's strange....ok
> So they should be the same but if was the case
> sensitive domain name string sent by the client
> that was used to generate the NTLMv2 response.
> Kind of makes sense then
> (7:55:22 AM) coffeedude: I'll upload the patch and get
> the reporter to test
This all seems very reasonable given the way the HMAC in NTLMv2
operates.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070302/aace125b/attachment.bin
More information about the samba-technical
mailing list