[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

Steve French smfrench at gmail.com
Wed Apr 14 07:26:46 MDT 2010


On Wed, Apr 14, 2010 at 7:29 AM, Jeff Layton <jlayton at samba.org> wrote:
> On Wed, 14 Apr 2010 09:01:32 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Sun, 2010-04-11 at 19:40 -0400, Jeff Layton wrote:
>>
>> > I don't think that's right. CIFS_SESS_KEY_SIZE is 24 bytes. According
>> > to the MS-NLMP document, the session key should be 16 bytes. The
>> > signing key is different with NTLMSSP than with "raw" NTLM and NTLMv2.
>>
>> So, with NTLMSSP the 24 byte (actually variable, it is much lager for
>> NTLMv2) response is not included in the MAC calculation - just use the
>> 16 bytes session key only.
>>
>> Andrew Bartlett
>>
>
> That was it! I was putting the right key into the NTLMSSP response, but
> was leaving the saved key used for signing as a 40-byte key. When I
> limit the key length to 16 then signing works correctly.
>
> I'll need to clean up the code a bit, but will post a patch to fix this
> soon.

Awesome (especially since this was not intuitive).

Thoughts about whether this belongs in this late rc (I lean toward yes)?


-- 
Thanks,

Steve


More information about the samba-technical mailing list