Bug 13045 - Authentication fails on Windows 10 with "Send LM & NTLM - use NTLMv2 session security if negotiated"
Summary: Authentication fails on Windows 10 with "Send LM & NTLM - use NTLMv2 session ...
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.7.0rc6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-20 23:16 UTC by Justin Maggard
Modified: 2018-03-13 21:31 UTC (History)
2 users (show)

See Also:


Attachments
Wireshark capture of login attempt (4.15 KB, application/vnd.tcpdump.pcap)
2017-09-20 23:16 UTC, Justin Maggard
no flags Details
Debug level 10 log (12.77 KB, application/x-xz)
2017-09-20 23:17 UTC, Justin Maggard
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Maggard 2017-09-20 23:16:59 UTC
Created attachment 13617 [details]
Wireshark capture of login attempt

With the current Samba default "ntlm auth" setting of ntlmv2-only, authentication fails from Windows 10 clients if they have "Network security: LAN Manager authentication level" set to "Send LM & NTLM - use NTLMv2 session security if negotiated.

I am able to authenticate if I change "ntlm auth" to ntlmv1-permitted, or if I change the Windows "Network security: LAN Manager authentication level" policy to "Send NTLMv2 response only".
Comment 1 Justin Maggard 2017-09-20 23:17:58 UTC
Created attachment 13618 [details]
Debug level 10 log
Comment 2 Stefan Metzmacher 2018-03-13 21:31:21 UTC
I think this is actually the expected result.
NTLMv2 Session Security, is not full "NTLMv2" authentication.
it's just NTLMv1 + a bit more advanced session key generation.

Please reopen if you really think it's a bug.