[Samba] SMB signing
Andrew Bartlett
abartlet at samba.org
Thu Dec 23 10:33:32 GMT 2004
On Thu, 2004-12-23 at 19:46, Torbjorn Tornkvist wrote:
> Andrew Bartlett wrote:
>
> >On Wed, 2004-12-22 at 22:04, Tobbe wrote:
> >
> >
> >>Hi,
> >>
> >>I wonder if it is possible to setup Samba (client or server)
> >>to use SMB signing (without NTLMv2, NTLMSSP etc).
> >>
> >>I've been trying to do this by setting 'Digital Signing' as a
> >>requirement on my Windows 2000/2003 servers. With Samba 2.x,
> >>SMB signing seem to not be supported, with Samba 3.x I get this
> >>NTLMSSP stuff.
> >>
> >>
> >
> >And what is wrong with that?
> >
> >
> It's nothing wrong with that.
> I just wanted to study how SMB signing is done and the NTLMSSP stuff
> confuses me.
Then simply turn it off. 'use spnego = no' on the server and 'client
use spnego = no' for the client.
> The reason for my question was that, by looking into the
> CIFS-SNIA tech.ref, it seems that SMB signing should work with just
> NT/LM (v1 ?) authentication.
>
> Another question: Does anyone know if the MAC-key (used for
> the signing) is the same as the NT/LM-session key ?
It is. See the Samba4 code for a bit more detail, there are a few
things that are not quite as you might expect, mostly regarding the 'NT
response' that should form part of the calculation.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041223/8a7f3a4f/attachment.bin
More information about the samba
mailing list