16067 – Require NTLMv2 session security on Windows makes trusts to Samba unusable

Bug 16067 - Require NTLMv2 session security on Windows makes trusts to Samba unusable

Summary: Require NTLMv2 session security on Windows makes trusts to Samba unusable

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.24.2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:
Blocks:

Reported:	2026-05-05 13:59 UTC by Stefan Metzmacher
Modified:	2026-05-12 15:55 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2026-05-05 13:59:58 UTC

If a Windows server uses 'Require NTLMv2 session security'
it means anonymous NTLMSSP results in NT_STATUS_NOT_SUPPORTED.

It means winbindd is not able to talk to such a dc as
it always tries to open an smb connection to ipc$ even
if it only uses ncacn_ip_tcp.

Comment 1 Samba QA Contact 2026-05-10 23:23:11 UTC

This bug was referenced in samba master:

c63880a1ec3e930dca1a511f4610a94483418e01

Comment 2 Samba QA Contact 2026-05-12 14:58:18 UTC

This bug was referenced in samba v4-24-test:

11bb0401497dac6c79e4c8e7c8d565648cf2a0a9

Comment 3 Samba QA Contact 2026-05-12 15:55:55 UTC

This bug was referenced in samba v4-24-stable (Release samba-4.24.2):

11bb0401497dac6c79e4c8e7c8d565648cf2a0a9