ntlmssp errors against El Capitan's SMB Server
Christian Ambach
ambi at samba.org
Sun Aug 28 14:37:43 UTC 2016
On 26.08.16 at 01:56, Jeremy Allison wrote:
> Trouble is the server is saying it *does* support the NTLMSSP_NEGOTIATE_SIGN
> flag in the reply.
>
> Can you get a Windows 8 or above client capture trace connecting to
> this same server to see "what windows does (tm)".
Windows 7 and Windows 10 happily finish connecting, see attached pcap.
I have run git bisect and it pointed me to commit 0d641ee36ae2c.
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC
generation (as client)
So the rules were tightened because of Badlock. Maybe too tight?
I have also found an Ubuntu bug about the same:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1579540
Setting ntlmssp_client:force_old_spnego = yes helps,
but this will then affect all client connections.
Which spec applies here to indicate that the server must supply a signature?
Cheers,
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apple_windows10.pcap
Type: application/octet-stream
Size: 61516 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160828/c4e1ed9c/apple_windows10.obj>
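Added example, not part of the original message or of Samba's code: a Python sketch for checking which NegotiateFlags a server sets in its NTLMSSP CHALLENGE_MESSAGE (the "reply" discussed above), given the security blob copied out of a capture. The field layout and flag values follow MS-NLMP; `sample_token`, its wrapper bytes, the target name MACSERVER and the flags value are constructed for illustration.

```python
import struct

# Subset of NegotiateFlags bits from MS-NLMP section 2.2.2.5.
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}
SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2  # MessageType of the server's reply


def parse_challenge(token):
    """Find the CHALLENGE_MESSAGE in a raw or SPNEGO-wrapped token and decode it."""
    pos = token.find(SIGNATURE)
    while pos != -1:
        msg = token[pos:]
        if len(msg) >= 32 and struct.unpack_from("<I", msg, 8)[0] == CHALLENGE_MESSAGE:
            break
        pos = token.find(SIGNATURE, pos + 1)
    else:
        raise ValueError("no NTLMSSP CHALLENGE_MESSAGE found")
    # TargetNameFields (len, maxlen, offset) at 12, NegotiateFlags at 20.
    name_len, _max_len, name_off, flags = struct.unpack_from("<HHII", msg, 12)
    if name_off + name_len > len(msg):
        raise ValueError("TargetName points outside the message")
    encoding = "utf-16-le" if flags & 0x00000001 else "cp437"
    return {
        "flags": flags,
        "flag_names": [n for bit, n in sorted(FLAGS.items()) if flags & bit],
        "signing_offered": bool(flags & 0x00000010),
        "server_challenge": msg[24:32].hex(),
        "target_name": msg[name_off:name_off + name_len].decode(encoding),
    }


def sample_token(flags=0xE0088215, target="MACSERVER"):
    """Constructed sample: minimal CHALLENGE_MESSAGE behind made-up wrapper bytes."""
    name = target.encode("utf-16-le")
    msg = SIGNATURE + struct.pack("<IHHII", CHALLENGE_MESSAGE, len(name), len(name), 48, flags)
    msg += bytes(range(1, 9)) + bytes(8) + struct.pack("<HHI", 0, 0, 48 + len(name)) + name
    return b"\xa1\x82\x00\x00" + msg


if __name__ == "__main__":
    print(parse_challenge(sample_token()))
```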