[PATCH] s4 libcli should not use NTLMv2 if extended security is not negotiated

Christian M Ambach christian.ambach at de.ibm.com
Wed Mar 16 05:56:13 MDT 2011


Andrew Bartlett <abartlet at samba.org> wrote on 03/15/2011 11:41:18 PM:

> > Would it be the correct solution to remove the computer name? 
> 
> If that's what windows clients do, then yes.  But let's pin down what
> Windows 2008 needs just in case it shows us an exception to the rule we
> need to take into account. 

I did some more research and found 
http://support.microsoft.com/kb/957441/en-us
On Windows 2008, NTLMv2 is not possible any more without spnego unless a
registry key is added.

I attached my updated patchset that makes NTLMv2 w/o spnego work and 
correctly announces missing support for NT error codes from the first 
packet on (minor nit that is not necessary to make the torture tests pass 
again).

Please review.

Regards,
Christian


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-libcli-do-not-announce-NT-error-code-support-when.patch
Type: application/octet-stream
Size: 1017 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110316/b58af51d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-cli-do-not-send-computername-in-ntlmv2-without-ntmls.patch
Type: application/octet-stream
Size: 1020 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110316/b58af51d/attachment-0001.obj>

