Bug 13045 - Authentication fails on Windows 10 with "Send LM & NTLM - use NTLMv2 session security if negotiated"
Summary: Authentication fails on Windows 10 with "Send LM & NTLM - use NTLMv2 session ...
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.7.0rc6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-20 23:16 UTC by Justin Maggard
Modified: 2018-03-13 21:31 UTC (History)
2 users (show)

See Also:

Attachments
Wireshark capture of login attempt (4.15 KB, application/vnd.tcpdump.pcap)
2017-09-20 23:16 UTC, Justin Maggard 		no flags Details
Debug level 10 log (12.77 KB, application/x-xz)
2017-09-20 23:17 UTC, Justin Maggard 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Maggard 2017-09-20 23:16:59 UTC 
Created attachment 13617 [details]
Wireshark capture of login attempt

With the current Samba default "ntlm auth" setting of ntlmv2-only, authentication fails from Windows 10 clients if they have "Network security: LAN Manager authentication level" set to "Send LM & NTLM - use NTLMv2 session security if negotiated.

I am able to authenticate if I change "ntlm auth" to ntlmv1-permitted, or if I change the Windows "Network security: LAN Manager authentication level" policy to "Send NTLMv2 response only".
Comment 1 Justin Maggard 2017-09-20 23:17:58 UTC 
Created attachment 13618 [details]
Debug level 10 log
Comment 2 Stefan Metzmacher 2018-03-13 21:31:21 UTC 
I think this is actually the expected result.
NTLMv2 Session Security, is not full "NTLMv2" authentication.
it's just NTLMv1 + a bit more advanced session key generation.

Please reopen if you really think it's a bug.