NTLM, NTLMv2, lmcompatibilitylevel >=2 doesnt work

Andrew Bartlett abartlet at pcug.org.au
Sat Dec 29 15:13:03 GMT 2001 

The problem is the spnego stuff.  The win2k machine attempts to
negotiate ntlmv2 etc, and we keep seending back the same old stuff. 
This area needs a *lot* of work.

Try it with 'use spnego = false' and see how far you get.

I need to take a closer look at this at some stage...

Andrew Bartlett

Syzop wrote:
> 
> Hi,
> 
> I'm wondering if samba supports NTLMv2, particullary NTLMv2 session security.
> 
> But I can't even get NTLM-only to work :(.
> I'm trying to increase lmcompatibilitylevel, but I can't connect to the samba server
> anymore when I set it to 2 or higher ("Send NTLM authenication only").
> 
> I'm using HEAD CVS of today, and my smb.conf looks like this:
> [global]
>         workgroup = WORKGROUP
>         server string = Blablabla
>         interfaces = 192.168.5.0/24
>         log file = /var/log/samba/smbd.%m
>         max log size = 1000
>         time server = Yes
>         socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
>         local master = No
>         dns proxy = No
>         lanman auth = Yes
>         ntlm auth = Yes
> (and the shares etc)
> (oh and lanman auth = No didnt solve anything IIRC)
> 
> The client machine is W2K+SP2.
> When I do a "net use k: \\smbserv\temp" Ethereal/tcpdump shows
> a SMBnegprot request, reply, SMBsessionsetupX request, reply and then
> the w2k client closes the tcp connection.
> 
> The eventlog show something like (translated from dutch):
> "The redirector cannot initialize the properties of the securitycontext or querycontext."
> 
> Thanks,
> 
>     Bram Matthys.
> 
> PS: Please CC as I'm not subscribed to the list (the subscribe thing online gives a timeout and
> a subscribe mail to samba-request at lists.samba.org doesn't work [not sure if should work anyway]).
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list