Stefan (metze) Metzmacher metze at
Tue Jan 14 07:03:26 MST 2014

Hi Andrew,

>> can you review the attached patches from my master4-schannel-ok
>> branch.
>> It seems that the use computer name in ServerAuthenticate must be at most
>> 15 characters long.
> My concerns are:
>  - how does this (if at all) interact with the NTLMv2 computer name
> check?

Thanks for finding that :-(
I'm currently writing some tests...

at least wbinfo -ntlmv2 -a ... doesn't work against a w2k8r2 dc,
if we're a member workstation.

>  - shouldn't we be stopping the netbios name being more than 15
> characters earlier?

Yes, we can do that.

>  - the hash isn't limited to ascii chars, is sending binary really a
> great idea, if it ends up in a windows event log etc?

I'm using 8 hex characters instead of the raw bytes.


More information about the samba-technical mailing list