[Patches] Fix GENSEC_FEATURE_LDAP_STYLE handling as server (NTLMSSP NTLM2 packet check failed due to invalid signature!) (bug #13427)
slow at samba.org
Wed May 9 13:13:29 UTC 2018
On Wed, May 09, 2018 at 02:37:32PM +0200, Stefan Metzmacher via samba-technical wrote:
> here're patches to demonstrate and fix a regression of our server side
> GENSEC_FEATURE_LDAP_STYLE handling.
would you mind explaining the logic behind GENSEC_FEATURE_LDAP_STYLE any why
NTLMSSP_NEGOTIATE_SIGN implies NTLMSSP_NEGOTIATE_SEAL over LDAP ? Thanks!
> From 109f0487abdafc16a31a221f1ff57dccb0b2a775 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Mon, 7 May 2018 14:50:27 +0200
> Subject: [PATCH 3/3] auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE
> as a server
> This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
> error messages, which were generated if the client only sends
> NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
> This fixes a regession in the combination of commits
> 77adac8c3cd2f7419894d18db735782c9646a202 and
> We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
> of the authentication (as a server), while we need to (any already
> do so at the beginning as a client).
Oh, and btw, this commit message is in need of some love. :)
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5
59E4 AA1E 9B71 2639 9E46
More information about the samba-technical