[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

Jeff Layton jlayton at samba.org
Wed Apr 14 09:34:53 MDT 2010


On Wed, 14 Apr 2010 08:29:44 -0400
Jeff Layton <jlayton at samba.org> wrote:

> On Wed, 14 Apr 2010 09:01:32 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > On Sun, 2010-04-11 at 19:40 -0400, Jeff Layton wrote:
> > 
> > > I don't think that's right. CIFS_SESS_KEY_SIZE is 24 bytes. According
> > > to the MS-NLMP document, the session key should be 16 bytes. The
> > > signing key is different with NTLMSSP than with "raw" NTLM and NTLMv2.
> > 
> > So, with NTLMSSP the 24 byte (actually variable, it is much lager for
> > NTLMv2) response is not included in the MAC calculation - just use the
> > 16 bytes session key only. 
> > 
> > Andrew Bartlett
> > 
> 
> That was it! I was putting the right key into the NTLMSSP response, but
> was leaving the saved key used for signing as a 40-byte key. When I
> limit the key length to 16 then signing works correctly.
> 
> I'll need to clean up the code a bit, but will post a patch to fix this
> soon.
> 
> Many thanks,

Sigh, I made a mistake in testing. This didn't actually fix the
problem. The tree connect is still rejected after session setup. The
odd thing here is that this mount works against my samba server
(samba-3.4.7-58.fc12.x86_64).

Anyway for the purposes of discussion, here is the current patch I've
got. Signing is still busted with this though. Anyone have thoughts on
what we're doing wrong here?

-- 
Jeff Layton <jlayton at samba.org>


More information about the samba-technical mailing list