source3/libads/sasl,c provides for ADS_AUTH_ALLOW_NTLMSSP but there is no way to switch it on in the smb.conf

Thu Nov 19 20:37:02 UTC 2015

Hi folks,

We were wanting to test allowing NTLMSSP auth in SASL, but there is no
way to switch on the fallback in the smb.conf allowed here:

                /* only fallback to NTLMSSP if allowed */
                if (ADS_ERR_OK(status) ||
                    !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
                        return status;
                }
        } else
#endif
        {
                TALLOC_FREE(given_principal);
        }

        /* lets do NTLMSSP ... this has the big advantage that we don't need
           to sync clocks, and we don't rely on special versions of the krb5
           library for HMAC_MD4 encryption */
        return ads_sasl_spnego_ntlmssp_bind(ads);

It that intentional?

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)