[linux-cifs-client] Linux CIFS NTLMSSP mount failing against win2k8

Shirish Pargaonkar shirishpargaonkar at gmail.com
Thu Jul 1 11:22:35 MDT 2010

On Mon, Jun 28, 2010 at 6:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Mon, 2010-06-28 at 17:47 -0500, Shirish Pargaonkar wrote:
>> When I look at Windows - Windows smb2 traces, the (16 bytes) signature
>> looks nothing like
>> version (which is 1), ciphertext of 8 bytes of hmac-md5, sequence number
> SMB2 SMB Signing does not use the NTLMSSP packet signing algorithm.
> Instead, like SMB, it takes the session key already calculated and
> applies a unique-to-SMB2 algorithm to it.  This involves sha256 I
> think.
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.

I have had luck with some kernel crypto apis while working on this code.
I have been able to use arc4 and md5 hash apis successfully while
not being able to figure out hmac-md5 apis and I had not even
looked at sha, which I will.

What is confusing to me is, current cifs code using ntlmv2 within
ntlmssp authenticates and signs against Windows 2003 server

But it does not against Windows 7 and Windows 2008 (I do not have
a Windows Vista installation). I am currently changing to code and
I am sure I would be able to authenticate using ntlmv2 within ntlmssp.
singing is what is confusing.

With smb2 client also, I can authenticate against Windows 7 and
Windows 2008 but signing fails.

So I am confused about what algorithm to use for cifs to sign
against Windows 7 and Windows 2008 server for ntlmv2 within ntlmssp
and what algorithm to use for smb2 to sign against a Windows 7
and Windows 2008 server for ntlmv2 within ntlmssp.

I have been reading and following MS-NLMP and

More information about the samba-technical mailing list