[Samba] SMB signing
abartlet at samba.org
Thu Dec 23 10:33:32 GMT 2004
On Thu, 2004-12-23 at 19:46, Torbjorn Tornkvist wrote:
> Andrew Bartlett wrote:
> >On Wed, 2004-12-22 at 22:04, Tobbe wrote:
> >>I wonder if it is possible to setup Samba (client or server)
> >>to use SMB signing (without NTLMv2, NTLMSSP etc).
> >>I've been trying to do this by setting 'Digital Signing' as a
> >>requirement on my Windows 2000/2003 servers. With Samba 2.x,
> >>SMB signing seem to not be supported, with Samba 3.x I get this
> >>NTLMSSP stuff.
> >And what is wrong with that?
> It's nothing wrong with that.
> I just wanted to study how SMB signing is done and the NTLMSSP stuff
> confuses me.
Then simply turn it off. 'use spnego = no' on the server and 'client
use spnego = no' for the client.
> The reason for my question was that, by looking into the
> CIFS-SNIA tech.ref, it seems that SMB signing should work with just
> NT/LM (v1 ?) authentication.
> Another question: Does anyone know if the MAC-key (used for
> the signing) is the same as the NT/LM-session key ?
It is. See the Samba4 code for a bit more detail, there are a few
things that are not quite as you might expect, mostly regarding the 'NT
response' that should form part of the calculation.
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041223/8a7f3a4f/attachment.bin
More information about the samba