[Samba] NTLMSSP Sign/Seal - using NTLM1

Vincent techburgher at gmail.com
Mon Jul 10 20:47:35 UTC 2023 

Would a packet capture help? If so, can this be shared directly?

Thank you,

Vincent

On Mon, Jul 10, 2023 at 4:44 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 10/07/2023 21:21, Vincent via samba wrote:
> > Hello,
> >
> > We have a customer that is using Samba version 4.7.12 and Windows 10
> > clients. When they initiate connections, they are very slow to
> authenticate
> > (several minutes). It does not readily appear there are network
> > connectivity issues.
> >
> > Of possible note, the following log sequence is, repeatedly, observed
> > within the Samba debug logs:
> >
> > [2023/07/06 11:14:15.676774,  3, pid=2118992, effective(0, 0), real(0,
> 0)]
> > ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
> >    NTLMSSP Sign/Seal - Initialising with flags:
> > [2023/07/06 11:14:15.676783,  3, pid=2118992, effective(0, 0), real(0,
> 0)]
> > ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
> >    Got NTLMSSP neg_flags=0x62008a15
> >      NTLMSSP_NEGOTIATE_UNICODE
> >      NTLMSSP_REQUEST_TARGET
> >      NTLMSSP_NEGOTIATE_SIGN
> >      NTLMSSP_NEGOTIATE_NTLM
> >      NTLMSSP_ANONYMOUS
> >      NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> >      NTLMSSP_NEGOTIATE_VERSION
> >      NTLMSSP_NEGOTIATE_128
> >      NTLMSSP_NEGOTIATE_KEY_EXCH
> > [2023/07/06 11:14:15.676809,  5, pid=2118992, effective(0, 0), real(0,
> 0)]
> > ../auth/ntlmssp/ntlmssp_sign.c:633(ntlmssp_sign_reset)
> >    *NTLMSSP Sign/Seal - using NTLM1*
> > [2023/07/06 11:14:15.786392,  3, pid=2118992, effective(0, 0), real(0,
> 0)]
> > ../source3/libsmb/cliconnect.c:1678(cli_session_setup_creds_done_spnego)
> >    SPNEGO login failed: The request is not supported.
> >
> > What would cause the client to use NTLM1 for signing and sealing? Is this
> > due to the NTLMSSP_NEGOTIATE_SEAL flag not being set? Is this even an
> > issue? I presume it may be problematic, due to the subsequent "SPNEGO
> login
> > failed" message.
> >
> > Thank you,
> >
> > Vincent
>
> I am sorry, but we are going to need a lot more info before we can even
> begin to get to the bottom of this, but I will say that Samba 4.7.6 is
> ancient from the Samba point of view.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list