[PATCH] s4 libcli should not use NTLMv2 if extended security is not negotiated

Andrew Bartlett abartlet at samba.org
Wed Mar 9 14:27:06 MST 2011

On Wed, 2011-03-09 at 14:16 +0100, Christian M Ambach wrote:
> Hi list,
> while I was looking through the testcases in smbtorture, I noticed
> that two of them (base.samba3error and raw.samba3badpath) fail to connect 
> their
> second session against the target server.
> I cannot comment on if these two testcases are still worth existing, it 
> seems they
> are not included in the selftest. However, I was interested what the root 
> cause of
> this error is.
> Bisecting the code history, I figured out that those two worked a while 
> ago but
> they broke when the default of using NTLMv2 auth was changed from false to 
> true 
> in commit 54ee213fa5da6b138a "s4-client Use NTLMv2 by default in the 
> Samba4 client".
> I was able to revive the two tests with the a patch to disable NTLMv2 if
> extended security was not negotiated during protocol negotiation.
> They now pass again against Samba 3.6 and Win 2008R2.

I wonder if the bug is more subtle however.  NTLMv2 should work without
extended security, so what is really going on here?  Is the wrong name
presented to the NTLMv2 calculation?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

More information about the samba-technical mailing list