[PATCH] Fix for a bug in MacOS X Sierra NTLMv2 processing.

Ralph Böhme slow at samba.org
Thu Jun 22 19:47:08 UTC 2017


On Thu, Jun 22, 2017 at 11:40:55AM -0700, Jeremy Allison wrote:
> Found at the plugfest. The Apple MacOS X Sierra SMB2
> server has a bug. It only supports NTLMv2 but doesn't
> negotiate it in the chal_flags returned to the client.
> 
> Windows clients work as they use NTLMv2 by default and ignore
> the negotiate bit. Here is a patch that adds a tunable
> ntlmssp_client:force ntlmv2 (default off) that allows
> smbclient, libsmbclient and associated tools to still
> connect to the MacOS X Sierra SMB2 server.
> 
> I'm ambivalent about this - this is a server bug, but
> until they fix it no Samba client tools can connect to
> this server without this fix.
> 
> We get:
> 
> ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
>   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> SPNEGO(ntlmssp) login failed: NT code 0x80090302
> session setup failed: NT code 0x80090302

works for me against 10.12.5 *without* the patch:

[slow at kazak scratch]$ ./bin/smbclient -msmb3 -U slow //10.10.11.1/slow -c exit
Enter SLOW\slow's password: 
Domain=[INTI] OS=[unknown] Server=[unknown]
[slow at kazak scratch]$ 

Cheerio!
-slow
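
The downgrade check behind the quoted error can be reproduced from the logged value alone. The following is an added example, not Samba's code and not part of either message: it reads NegotiateFlags from a constructed CHALLENGE_MESSAGE header carrying the logged 0x22810205 and reports which required bits the server did not return. The helper names and the required-flag policy (only NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) are assumptions; flag values are from MS-NLMP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NegotiateFlags bits (values from MS-NLMP) needed to decode the logged value. */
struct flag { uint32_t bit; const char *name; };
static const struct flag FLAGS[] = {
    { 0x00000001u, "NTLMSSP_NEGOTIATE_UNICODE" },
    { 0x00000004u, "NTLMSSP_REQUEST_TARGET" },
    { 0x00000200u, "NTLMSSP_NEGOTIATE_NTLM" },
    { 0x00010000u, "NTLMSSP_TARGET_TYPE_DOMAIN" },
    { 0x00080000u, "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY" },
    { 0x00800000u, "NTLMSSP_NEGOTIATE_TARGET_INFO" },
    { 0x02000000u, "NTLMSSP_NEGOTIATE_VERSION" },
    { 0x20000000u, "NTLMSSP_NEGOTIATE_128" },
};

/* Constructed sample: CHALLENGE_MESSAGE header only, flags taken from the log line. */
static const uint8_t SAMPLE_CHALLENGE[24] = {
    'N','T','L','M','S','S','P',0,  2,0,0,0,   /* signature, MessageType = 2    */
    0,0,0,0,0,0,0,0,                           /* TargetNameFields (empty)      */
    0x05,0x02,0x81,0x22                        /* NegotiateFlags, little-endian */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: extract NegotiateFlags (offset 20); -1 on malformed input. */
int challenge_flags(const uint8_t *buf, size_t len, uint32_t *flags)
{
    if (len < 24 || memcmp(buf, "NTLMSSP", 8) != 0 || le32(buf + 8) != 2)
        return -1;
    *flags = le32(buf + 20);
    return 0;
}

/* Bits the client insists on that the server did not echo back. */
uint32_t missing_flags(uint32_t required, uint32_t got) { return required & ~got; }

int main(void)
{
    uint32_t got, required = 0x00080000u; /* assumed policy: require extended session security */
    if (challenge_flags(SAMPLE_CHALLENGE, sizeof SAMPLE_CHALLENGE, &got) != 0) return 1;
    uint32_t missing = missing_flags(required, got);
    printf("challenge flags[0x%08x] missing_flags[0x%08x]\n", (unsigned)got, (unsigned)missing);
    for (size_t i = 0; i < sizeof FLAGS / sizeof FLAGS[0]; i++)
        if (FLAGS[i].bit & (got | missing))
            printf("  %-45s %s\n", FLAGS[i].name, (FLAGS[i].bit & missing) ? "MISSING" : "set");
    return missing ? 2 : 0;
}
```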


