[PATCH] Fix for a bug in MacOS X Sierra NTLMv2 processing.

Ralph Böhme slow at samba.org
Thu Jun 22 19:47:08 UTC 2017

On Thu, Jun 22, 2017 at 11:40:55AM -0700, Jeremy Allison wrote:
> Found at the plugfest. The Apple MacOS X Sierra SMB2
> server has a bug. It only supports NTLMv2 but doesn't
> negotiate it in the chal_flags returned to the client.
> Windows clients work as use NTLMv2 by default and ignore
> the negotiate but. Here is a patch that adds a tunable
> ntlmssp_client:force ntlmv2 (default off) that allows
> smbclient, libsmbclient and associated tools to still
> connect to the MacOS X Sierra SMB2 server.
> I'm ambivilent about this - this is a server bug, but
> until they fix it no Samba client tools can connect to
> this server without this fix.
> We get:
> ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
> SPNEGO(ntlmssp) login failed: NT code 0x80090302
> session setup failed: NT code 0x80090302

works for me against 10.12.5 *without* the patch:

[slow at kazak scratch]$ ./bin/smbclient -msmb3 -U slow // -c exit
Enter SLOW\slow's password: 
Domain=[INTI] OS=[unknown] Server=[unknown]
[slow at kazak scratch]$ 


More information about the samba-technical mailing list