[Samba] SMB signing
Torbjorn Tornkvist
tnt at home.se
Thu Dec 23 10:59:38 GMT 2004
Andrew Bartlett wrote:
>On Thu, 2004-12-23 at 19:46, Torbjorn Tornkvist wrote:
>
>
>>Andrew Bartlett wrote:
>>
>>
>>
>>>On Wed, 2004-12-22 at 22:04, Tobbe wrote:
>>>
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I wonder if it is possible to setup Samba (client or server)
>>>>to use SMB signing (without NTLMv2, NTLMSSP etc).
>>>>
>>>>I've been trying to do this by setting 'Digital Signing' as a
>>>>requirement on my Windows 2000/2003 servers. With Samba 2.x,
>>>>SMB signing seem to not be supported, with Samba 3.x I get this
>>>>NTLMSSP stuff.
>>>>
>>>>
>>>>
>>>>
>>>And what is wrong with that?
>>>
>>>
>>>
>>>
>>It's nothing wrong with that.
>>I just wanted to study how SMB signing is done and the NTLMSSP stuff
>>confuses me.
>>
>>
>
>Then simply turn it off. 'use spnego = no' on the server and 'client
>use spnego = no' for the client.
>
>
>
>>The reason for my question was that, by looking into the
>>CIFS-SNIA tech.ref, it seems that SMB signing should work with just
>>NT/LM (v1 ?) authentication.
>>
>>Another question: Does anyone know if the MAC-key (used for
>>the signing) is the same as the NT/LM-session key ?
>>
>>
>
>It is. See the Samba4 code for a bit more detail, there are a few
>things that are not quite as you might expect, mostly regarding the 'NT
>response' that should form part of the calculation.
>
>
>
Ok, thanx a lot !
Do you know if the NTLMSSP stuff is specified anywhere ?
I 've noticed that there is an RFC for SPNEGO.
Cheers, Tobbe
More information about the samba
mailing list