Can Samba 3.0 do raw NTLMSSP?
Jeremy Allison
jra at samba.org
Mon Dec 8 18:46:22 GMT 2008
On Sat, Dec 06, 2008 at 05:14:36PM -0500, Michael B Allen wrote:
> On Sat, Dec 6, 2008 at 3:52 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Sat, Dec 06, 2008 at 03:22:22PM -0500, Michael B Allen wrote:
> >> Hi,
> >>
> >> Can Samba 3.0 do raw NTLMSSP without SPNEGO?
> >>
> >> We just implemented NTLMv2 in JCIFS and we have extended security
> >> turned on by default now. But JCIFS is failing with Samba 3.0 now
> >> because it the raw NTLMSSP Type1Message blob is being rejected with
> >> STATUS_LOGON_FAILURE.
> >
> > Hmmm, I thought we did that.
> >
> >> Does a more recent version of Samba 3.0 support raw NTLMSSP?
> >
> > What version are you trying against ? We're currently
> > at 3.2.5 you know, not 3.0.anything ?
>
> Yeah, I know - 3.2.x works fine. It's just 3.0.x that looks like it
> doesn't like raw NTLMSSP. If I hack all of the the flags and such to
> make the Type1Message look exactly like the SPNEGO-wrapped equivalent
> Type1Message sent by smbclient, it still fails. So the only difference
> looks like SPNEGO.
>
> If you're not sure, then I'll recommend that the customer try to
> upgrade to the latest 3.0 and see if that makes any difference.
Which 3.0.x is the customer using ? If we've already fixed
it in 3.2.x then I'd suggest they upgrade to that instead.
Jeremy.
More information about the samba-technical
mailing list