[PATCH] Fix for a bug in MacOS X Sierra NTLMv2 processing.
Jeremy Allison
jra at samba.org
Thu Jun 22 18:40:55 UTC 2017
Found at the plugfest. The Apple MacOS X Sierra SMB2
server has a bug. It only supports NTLMv2 but doesn't
negotiate it in the chal_flags returned to the client.
Windows clients work as use NTLMv2 by default and ignore
the negotiate but. Here is a patch that adds a tunable
ntlmssp_client:force ntlmv2 (default off) that allows
smbclient, libsmbclient and associated tools to still
connect to the MacOS X Sierra SMB2 server.
I'm ambivilent about this - this is a server bug, but
until they fix it no Samba client tools can connect to
this server without this fix.
We get:
ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
SPNEGO(ntlmssp) login failed: NT code 0x80090302
session setup failed: NT code 0x80090302
Should I log a Samba bug ? Do we want this patch ?
Comments welcome.
Jeremy,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-auth-ntlmssp-The-Apple-MacOS-Sierra-SMB2-server-has-.patch
Type: text/x-diff
Size: 1428 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170622/8ca4517d/0001-auth-ntlmssp-The-Apple-MacOS-Sierra-SMB2-server-has-.diff>
More information about the samba-technical
mailing list