Bug 12862 - Fix for a bug in MacOS X Sierra NTLMv2 processing
Summary: Fix for a bug in MacOS X Sierra NTLMv2 processing
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: 4.6.5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL: https://lists.samba.org/archive/samba...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-24 11:12 UTC by Stefan Metzmacher
Modified: 2017-06-29 07:42 UTC (History)
1 user (show)

See Also:


Attachments
Possible patch for master (1.61 KB, patch)
2017-06-24 11:19 UTC, Stefan Metzmacher
no flags Details
git-am fix for 4.6.next, 4.5.next. (1.83 KB, patch)
2017-06-27 23:43 UTC, Jeremy Allison
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-06-24 11:12:09 UTC
From https://lists.samba.org/archive/samba-technical/2017-June/121241.html:

Found at the plugfest. The Apple MacOS X Sierra SMB2
server has a bug. It only supports NTLMv2 but doesn't
negotiate it in the chal_flags returned to the client.

Windows clients work as use NTLMv2 by default and ignore
the negotiate but. Here is a patch that adds a tunable
ntlmssp_client:force ntlmv2 (default off) that allows
smbclient, libsmbclient and associated tools to still
connect to the MacOS X Sierra SMB2 server.

I'm ambivilent about this - this is a server bug, but
until they fix it no Samba client tools can connect to
this server without this fix.

We get:

ntlmssp_handle_neg_flags: Got challenge flags[0x22810205] - possible downgrade detected! missing_flags[0x00080000] - NT code 0x80090302
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
SPNEGO(ntlmssp) login failed: NT code 0x80090302
session setup failed: NT code 0x80090302

Should I log a Samba bug ? Do we want this patch ?

Comments welcome.

Jeremy,
Comment 1 Stefan Metzmacher 2017-06-24 11:19:16 UTC
Created attachment 13307 [details]
Possible patch for master
Comment 2 Jeremy Allison 2017-06-27 23:43:12 UTC
Created attachment 13321 [details]
git-am fix for 4.6.next, 4.5.next.

Cherry-picked from master.
Comment 3 Karolin Seeger 2017-06-28 09:20:15 UTC
(In reply to Jeremy Allison from comment #2)
Pushed to autobuild-v4-{6,5}-test.
Comment 4 Karolin Seeger 2017-06-29 07:42:56 UTC
(In reply to Karolin Seeger from comment #3)
Pushed to both branches.
Closing out bug report.

Thanks!