If Samba is configured to only accept NTLMv2 logins, the interactive login (from the NT Ctrl+Alt+Del) will be rejected. Likewise, pam_winbind logins to a PDC with just a configuration will be rejected.

This is because we translate this into an LM challenge-response before dealing with these on the network.

Proposed Solution:

- always use the *interactive* logon type (secured with schannel if required) when authenticating a suitable login against another DC.
- compare the plaintext or OWF values of the password directly with the hash in the database - don't make a challenge-response of it for 'sam' auth.
- if we must make a challenge-response, use the client options to decide what type to use.
Created attachment 460: Fix this for interactive logons

This patch fixes the issue when we are a PDC, but does not fix the issue when we are passing on logon info to another DC.
The server-side interactive logon part of this bug has been fixed.
This bug is probably fixed by now.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.