Bug 11850 - NetAPP SMB servers don't negotiate NTLMSSP_SIGN
Summary: NetAPP SMB servers don't negotiate NTLMSSP_SIGN
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
Version: 4.4.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 11849
Blocks:
Reported: 2016-04-18 14:45 UTC by Stefan Metzmacher
Modified: 2016-08-02 09:59 UTC

Description Stefan Metzmacher 2016-04-18 14:45:30 UTC
Connecting to a netapp smb server results in the following with the CVE-2016-2110
patches:

ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible
downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
  NTLMSSP_NEGOTIATE_SIGN
  SPNEGO(ntlmssp) login failed: NT code 0x80090302
  session setup failed: NT code 0x80090302

0x00000010 is NTLMSSP_SIGN, which is triggered by GENSEC_FEATURE_SESSION_KEY.
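
Added example (not part of the original report and not Samba's code): a Python decoder for the two flag words in the log above, using the bit names from MS-NLMP. `missing_flags()` models the downgrade check as "required bits absent from the server's challenge", which is an assumption about the shape of the check, and all function names here are hypothetical.

```python
import re

# Flag bits as named in MS-NLMP (subset covering the values in this report).
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}

# Matches the client log message even when it is wrapped across lines.
LOG_RE = re.compile(
    r"Got challenge flags\[0x([0-9a-fA-F]+)\].*?missing_flags\[0x([0-9a-fA-F]+)\]",
    re.S)

def decode_flags(value):
    """Return the names of all set bits, lowest bit first."""
    return [NTLMSSP_FLAGS.get(bit, "UNKNOWN_0x%08x" % bit)
            for bit in (1 << i for i in range(32)) if value & bit]

def missing_flags(required, challenge):
    """Assumed model of the check: required bits the server did not return."""
    return required & ~challenge & 0xFFFFFFFF

def analyze(log_text):
    """Extract and decode every challenge/missing flag pair in a client log."""
    results = []
    for chal_hex, miss_hex in LOG_RE.findall(log_text):
        chal, miss = int(chal_hex, 16), int(miss_hex, 16)
        results.append({
            "challenge": decode_flags(chal),
            "missing": decode_flags(miss),
            # A bit cannot be both offered and missing; False means a bad log.
            "consistent": (chal & miss) == 0,
        })
    return results

# Log text taken from the bug description above.
SAMPLE = """ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible
downgrade detected! missing_flags[0x00000010] - NT code 0x80090302"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For the values in this report, the decoded challenge carries NTLMSSP_NEGOTIATE_ALWAYS_SIGN and NTLMSSP_NEGOTIATE_KEY_EXCH but not NTLMSSP_NEGOTIATE_SIGN.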
Comment 1 Stefan Metzmacher 2016-04-28 03:30:24 UTC
Please test the patches from bug #11849, thanks!
Comment 2 Dariusz Gadomski 2016-04-28 11:30:11 UTC
I confirm that the patch solves the issue on Ubuntu 14.04 with Samba 4.3.8.
Comment 3 Stefan Metzmacher 2016-08-01 07:39:37 UTC
Fixed with 4.4.3, 4.3.9, 4.2.12.