[Samba] Samba 3.0.2a - Erroneously rejects NTLMv2 but accepts NTLM
Andrew Bartlett
abartlet at samba.org
Thu Apr 22 08:50:45 GMT 2004
On Sat, 2004-04-17 at 03:31, Adrian Newby wrote:
> Hello experts,
>
> I¹ll try and keep this brief but detailed (if that¹s possible.). I¹m sure I
> don¹t understand the technologies sufficiently but I believe I¹m seeing
> counter-intuitive behavior with my Samba 3 setup. What I want is nice,
> tight Win 2K3 security. What I¹ve got is ADS integration, including domain
> user authentication using winbind, but I can¹t get the security level right.
>
> Problem summary:
> ----------------------
> Samba 3.0.2a on Solaris 9 is configured with ADS security.
> Lanman and NTLM authentication is prohibited.
> Clients requesting NTLMv2 authentication result in NT_STATUS_ACCESS_DENIED,
> even though the log suggests authentication is successful.
> Clients requesting NTLM authentication are accepted and authenticated.
> Also, cannot establish initial SMB session when packet signing enforced.
> (log not provided)
Try all this with a current subversion checkout, or 3.0.3rc1.
The ACCESS_DENIED is because the tree connect appears not to have a
valid vuid (the token returned by a session setup), which is most odd..
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040422/31c66233/attachment.bin
More information about the samba
mailing list