[PATCH] Fix for a bug in MacOS X Sierra NTLMv2 processing.

Jeremy Allison jra at samba.org
Thu Jun 22 20:26:38 UTC 2017


On Thu, Jun 22, 2017 at 09:47:08PM +0200, Ralph Böhme wrote:
> On Thu, Jun 22, 2017 at 11:40:55AM -0700, Jeremy Allison wrote:
> > Found at the plugfest. The Apple MacOS X Sierra SMB2
> > server has a bug. It only supports NTLMv2 but doesn't
> > negotiate it in the chal_flags returned to the client.
> > 
> > Windows clients work as they use NTLMv2 by default and ignore
> > the negotiate bit. Here is a patch that adds a tunable
> > ntlmssp_client:force ntlmv2 (default off) that allows
> > smbclient, libsmbclient and associated tools to still
> > connect to the MacOS X Sierra SMB2 server.
> > 
> > I'm ambivalent about this - this is a server bug, but
> > until they fix it no Samba client tools can connect to
> > this server without this fix.
> > 
> > We get:
> > 
> > ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
> >   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > SPNEGO(ntlmssp) login failed: NT code 0x80090302
> > session setup failed: NT code 0x80090302
> 
> works for me against 10.12.5 *without* the patch:
> 
> [slow at kazak scratch]$ ./bin/smbclient -msmb3 -U slow //10.10.11.1/slow -c exit
> Enter SLOW\slow's password: 
> Domain=[INTI] OS=[unknown] Server=[unknown]
> [slow at kazak scratch]$ 

I'm here at the plugfest testing against the
latest server and a system that claims to be
Apple MacOS X Sierra. I can't connect without
the patch to both servers with the error I posted.
These servers may not be what is claimed, but otherwise
I can't explain it.

Maybe both are running unreleased code with a bug,
but there is certainly an issue here, either currently
or coming soon! :-).

Jeremy.
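
Added example, not part of the original message and not Samba's code: decoding the challenge flags from the log above with the MS-NLMP bit values shows which bit is absent and why the client reports a possible downgrade. The `required` and `tolerated` masks are assumptions made for illustration; `tolerated` is hypothetical and does not reproduce how the patch implements its tunable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of the NTLMSSP negotiate flag bits defined in MS-NLMP. */
static const struct { uint32_t bit; const char *name; } ntlmssp_flags[] = {
    { 0x00000001, "NTLMSSP_NEGOTIATE_UNICODE" },
    { 0x00000004, "NTLMSSP_REQUEST_TARGET" },
    { 0x00000200, "NTLMSSP_NEGOTIATE_NTLM" },
    { 0x00010000, "NTLMSSP_TARGET_TYPE_DOMAIN" },
    { 0x00080000, "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY" },
    { 0x00800000, "NTLMSSP_NEGOTIATE_TARGET_INFO" },
    { 0x02000000, "NTLMSSP_NEGOTIATE_VERSION" },
    { 0x20000000, "NTLMSSP_NEGOTIATE_128" },
};
#define N_FLAGS (sizeof(ntlmssp_flags) / sizeof(ntlmssp_flags[0]))

/* Write the names of the set bits into buf, one per line; return how many were named. */
int describe_flags(uint32_t flags, char *buf, size_t len)
{
    int named = 0;
    if (len == 0) return 0;
    buf[0] = '\0';
    for (size_t i = 0; i < N_FLAGS; i++) {
        if (!(flags & ntlmssp_flags[i].bit)) continue;
        size_t used = strlen(buf);
        snprintf(buf + used, len - used, "%s%s", named ? "\n" : "", ntlmssp_flags[i].name);
        named++;
    }
    return named;
}

/* Bits the client required that the challenge did not echo, minus any it tolerates. */
uint32_t missing_flags(uint32_t required, uint32_t chal_flags, uint32_t tolerated)
{
    return required & ~chal_flags & ~tolerated;
}

int main(void)
{
    const uint32_t chal = 0x22810205;     /* from the log in the thread */
    const uint32_t required = 0x00080000; /* assumed client policy for this example */
    char names[512];
    describe_flags(chal, names, sizeof(names));
    printf("challenge 0x%08x:\n%s\nmissing 0x%08x\n", (unsigned)chal, names,
           (unsigned)missing_flags(required, chal, 0));
    return 0;
}
```

Any bit placed in `tolerated` is one the client can no longer detect being stripped from the challenge.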


