ntlmssp errors against El Capitan's SMB Server
Jeremy Allison
jra at samba.org
Thu Sep 1 18:57:58 UTC 2016
On Thu, Sep 01, 2016 at 03:02:06PM +0200, Stefan Metzmacher wrote:
>
> These don't work as Jeremy's original patch also doesn't (at for me).
Not surprised, my patch was deduced by "PURE LOGIC (tm)" without
access to an El Capitan server :-). I'm trying to get access to
one to figure out the exact details.
> The HACK patch with the unknown OID is rejected with LOGON_FAILURE
> by the Apple server, while the downgrade to the known NTLMSSP oid
> works as expected against Windows.
>
> The attached patch (tmp.diff.txt) fixes the problem for me against
> an Apple server, can anyone test against Azure?
Did you test this patch running against the Apple server with
smbclient requiring SMB signing ? With this patch that will fail
right ?
(we'll still expect the mechListMic and the server doesn't
ever send it).
> The new "HACK: source3/libsmb/cliconnect.c require GENSEC_FEATURE_SIGN"
> patch
> shows that still trigger the ACCESS_DENIED if GENSEC_FEATURE_SIGN is
> requested.
Does the Windows client fail against the Apple server is signing
is required ? Or do they enforce a mechListMic check in this case ?
More information about the samba-technical
mailing list