Linux CIFS NTLMSSP mount failing against win2k8

Shirish Pargaonkar shirishpargaonkar at gmail.com
Sat Apr 10 22:09:01 MDT 2010


On Sat, Apr 10, 2010 at 5:17 PM, Jeff Layton <jlayton at samba.org> wrote:
> I've been playing with NTLMSSP today in CIFS, and have run across a
> problem. The Session Setup using Raw NTLMSSP succeeds, but then afterward
> the tree connect fails with STATUS_ACCESS_DENIED. The odd thing is that
> if authenticate as the same user using krb5, then it works fine.
> smbclient does SPNEGO encapsulated NTLMSSP and the tree connect it does
> works fine as well.
>
> Attached is a capture that shows two "mount attempts". The first one
> fails (that the Linux CIFS one). The second succeeds -- that's the
> Linux CIFS one.
>
> The code I'm using is slightly modified so that the tree connect is
> closer to identical to what smbclient does. That doesn't get around the
> problem though. I assume that there must be something wrong with the
> session setup, but since it succeeds it seems like it ought to work...
>
> Does anyone have any clue as to what the problem is? Or does anyone
> know how to make win2k8 tell me why it's refusing the tree connect? The
> event viewer seems to be pretty useless for this, but maybe I'm just
> not looking in the right place?
>
> --
> Jeff Layton <jlayton at samba.org>
>

Jeff,

You can see if this code change,
  cifs_MD5_update(&context, (char *)&key->data, 16);
insetead of
 cifs_MD5_update(&context, (char *)&key->data, key->len);
in function cifs_calculate_signature() works.

Regards,

Shiris


More information about the samba-technical mailing list