[Samba] Samba 3.0.2a - Erroneously rejects NTLMv2 but accepts NTLM

Andrew Bartlett abartlet at samba.org
Thu Apr 22 08:50:45 GMT 2004


On Sat, 2004-04-17 at 03:31, Adrian Newby wrote:
> Hello experts,
> 
> I¹ll try and keep this brief but detailed (if that¹s possible.).  I¹m sure I
> don¹t understand the technologies sufficiently but I believe I¹m seeing
> counter-intuitive behavior with my Samba 3 setup.  What I want is nice,
> tight Win 2K3 security.  What I¹ve got is ADS integration, including domain
> user authentication using winbind, but I can¹t get the security level right.
> 
> Problem summary:
> ----------------------
> Samba 3.0.2a on Solaris 9 is configured with ADS security.
> Lanman and NTLM authentication is prohibited.
> Clients requesting NTLMv2 authentication result in NT_STATUS_ACCESS_DENIED,
> even though the log suggests authentication is successful.
> Clients requesting NTLM authentication are accepted and authenticated.
> Also, cannot establish initial SMB session when packet signing enforced.
> (log not provided)

Try all this with a current subversion checkout, or 3.0.3rc1.

The ACCESS_DENIED is because the tree connect appears not to have a
valid vuid (the token returned by a session setup), which is most odd..

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040422/31c66233/attachment.bin


More information about the samba mailing list