[PATCH] s4 libcli should not use NTLMv2 if extended security is not negotiated

Christian M Ambach christian.ambach at de.ibm.com
Wed Mar 16 05:56:13 MDT 2011

Andrew Bartlett <abartlet at samba.org> wrote on 03/15/2011 11:41:18 PM:

> > Would it be the correct solution to remove the computer name? 
> If that's what windows clients do, then yes.  But let's pin down what
> Windows 2008 needs just in case it shows us an exception to the rule we
> need to take into account. 

I did some more research and found 
On Windows 2008, NTLMv2 is not possible any more without spnego unless a
registry key is added.

I attached my updated patchset that makes NTLMv2 w/o spnego work and 
correctly announces missing support for NT error codes from the first 
packet on (minor nit that is not necessary to make the torture tests pass 

Please review.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-libcli-do-not-announce-NT-error-code-support-when.patch
Type: application/octet-stream
Size: 1017 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110316/b58af51d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-cli-do-not-send-computername-in-ntlmv2-without-ntmls.patch
Type: application/octet-stream
Size: 1020 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110316/b58af51d/attachment-0001.obj>

More information about the samba-technical mailing list