Can Samba 3.0 do raw NTLMSSP?
Michael B Allen
ioplex at gmail.com
Sat Dec 6 22:14:36 GMT 2008
On Sat, Dec 6, 2008 at 3:52 PM, Jeremy Allison <jra at samba.org> wrote:
> On Sat, Dec 06, 2008 at 03:22:22PM -0500, Michael B Allen wrote:
>> Hi,
>>
>> Can Samba 3.0 do raw NTLMSSP without SPNEGO?
>>
>> We just implemented NTLMv2 in JCIFS and we have extended security
>> turned on by default now. But JCIFS is failing with Samba 3.0 now
>> because it the raw NTLMSSP Type1Message blob is being rejected with
>> STATUS_LOGON_FAILURE.
>
> Hmmm, I thought we did that.
>
>> Does a more recent version of Samba 3.0 support raw NTLMSSP?
>
> What version are you trying against ? We're currently
> at 3.2.5 you know, not 3.0.anything ?
Yeah, I know - 3.2.x works fine. It's just 3.0.x that looks like it
doesn't like raw NTLMSSP. If I hack all of the the flags and such to
make the Type1Message look exactly like the SPNEGO-wrapped equivalent
Type1Message sent by smbclient, it still fails. So the only difference
looks like SPNEGO.
If you're not sure, then I'll recommend that the customer try to
upgrade to the latest 3.0 and see if that makes any difference.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the samba-technical
mailing list