ntlmssp errors against El Capitan's SMB Server
jra at samba.org
Tue Aug 30 17:52:00 UTC 2016
On Tue, Aug 30, 2016 at 01:35:07PM -0400, Simo wrote:
> On Sun, 2016-08-28 at 16:37 +0200, Christian Ambach wrote:
> > On 26.08.16 at 01:56, Jeremy Allison wrote:
> > >
> > > Trouble is the server is saying it *does* support the
> > > NTLMSSP_NEGOTIATE_SIGN flag in the reply.
> > >
> > > Can you get a Windows 8 or above client capture trace connecting to
> > > this same server to see "what windows does (tm)".
> > Windows 7 and Windows 10 happily finish connecting, see attached pcap.
> > I have run git bisect and it pointed me to commit 0d641ee36ae2c.
> > CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC
> > generation (as client)
> > So the rules were tightened because of Badlock. Maybe too tight?
> > I have also found an Ubuntu bug about the same:
> > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1579540
> > Setting ntlmssp_client:force_old_spnego = yes helps,
> > but this will then affect all client connections.
> > Which spec applies here to indicate that the server must supply a
> > signature?
> The pcap file from the previous email shows there is a signature, what
> am I missing here?
It's the final reply from server to client that is missing the sig.
We as the client are dropping the connection as we don't then trust