[PATCH] Fix for a bug in MacOS X Sierra NTLMv2 processing.

Jeremy Allison jra at samba.org
Thu Jun 22 18:40:55 UTC 2017

Found at the plugfest. The Apple MacOS X Sierra SMB2
server has a bug. It only supports NTLMv2 but doesn't
negotiate it in the chal_flags returned to the client.

Windows clients work as use NTLMv2 by default and ignore
the negotiate but. Here is a patch that adds a tunable
ntlmssp_client:force ntlmv2 (default off) that allows
smbclient, libsmbclient and associated tools to still
connect to the MacOS X Sierra SMB2 server.

I'm ambivilent about this - this is a server bug, but
until they fix it no Samba client tools can connect to
this server without this fix.

We get:

ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
SPNEGO(ntlmssp) login failed: NT code 0x80090302
session setup failed: NT code 0x80090302

Should I log a Samba bug ? Do we want this patch ?

Comments welcome.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-auth-ntlmssp-The-Apple-MacOS-Sierra-SMB2-server-has-.patch
Type: text/x-diff
Size: 1428 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170622/8ca4517d/0001-auth-ntlmssp-The-Apple-MacOS-Sierra-SMB2-server-has-.diff>

More information about the samba-technical mailing list