source3/libads/sasl,c provides for ADS_AUTH_ALLOW_NTLMSSP but there is no way to switch it on in the smb.conf

Richard Sharpe realrichardsharpe at
Thu Nov 19 20:37:02 UTC 2015

Hi folks,

We were wanting to test allowing NTLMSSP auth in SASL, but there is no
way to switch on the fallback in the smb.conf allowed here:

                /* only fallback to NTLMSSP if allowed */
                if (ADS_ERR_OK(status) ||
                    !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
                        return status;
        } else

        /* lets do NTLMSSP ... this has the big advantage that we don't need
           to sync clocks, and we don't rely on special versions of the krb5
           library for HMAC_MD4 encryption */
        return ads_sasl_spnego_ntlmssp_bind(ads);

It that intentional?

Richard Sharpe

More information about the samba-technical mailing list