The Samba-Bugzilla – Bug 11850
NetAPP SMB servers don't negotiate NTLMSSP_SIGN
Last modified: 2016-08-02 09:59:17 UTC
Connecting to a netapp smb server results in the following with the CVE-2016-2110
ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible
downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
SPNEGO(ntlmssp) login failed: NT code 0x80090302
session setup failed: NT code 0x80090302
0x00000010 is NTLMSSP_SIGN, which is triggered by GENSEC_FEATURE_SESSION_KEY.
Please test the patches from bug #11849, thanks!
I confirm that the patch solves the issue on Ubuntu 14.04 with Samba 4.3.8.
Fixed with 4.4.3, 4.3.9, 4.2.12.