[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

Jeff Layton jlayton at samba.org
Wed Apr 14 06:29:44 MDT 2010

On Wed, 14 Apr 2010 09:01:32 +1000
Andrew Bartlett <abartlet at samba.org> wrote:

> On Sun, 2010-04-11 at 19:40 -0400, Jeff Layton wrote:
> > I don't think that's right. CIFS_SESS_KEY_SIZE is 24 bytes. According
> > to the MS-NLMP document, the session key should be 16 bytes. The
> > signing key is different with NTLMSSP than with "raw" NTLM and NTLMv2.
> So, with NTLMSSP the 24 byte (actually variable, it is much lager for
> NTLMv2) response is not included in the MAC calculation - just use the
> 16 bytes session key only. 
> Andrew Bartlett

That was it! I was putting the right key into the NTLMSSP response, but
was leaving the saved key used for signing as a 40-byte key. When I
limit the key length to 16 then signing works correctly.

I'll need to clean up the code a bit, but will post a patch to fix this

Many thanks,
Jeff Layton <jlayton at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100414/25976bfc/attachment.pgp>

More information about the samba-technical mailing list