Bug 5134 - Samba domain cannot trust NT4 domain using NTLMv2 authentication
Samba domain cannot trust NT4 domain using NTLMv2 authentication
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: winbind
x86 FreeBSD
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2007-12-10 11:40 UTC by Aaron J. Zirbes
Modified: 2009-10-15 17:02 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Aaron J. Zirbes 2007-12-10 11:40:15 UTC
When the NTLMv2 authentication requirements are turned on, both in the NT4 and also in the Samba domain, the inter-domain trust breaks.

Steps to replicate:

Setup NT4 Domain using a Windows NT4 Server, upgrade to SP6a (NTDOM)
Enable NTLMv2
Disable LanMan support

Setup Samba Domain using Samba 3.0.27, with winbindd enabled (SMBDOM)

Enable the following items in smb.conf
   ntlm auth = no
   lanman auth = no
   client plaintext auth = no
   client lanman auth = no
   client ntlmv2 auth = yes
   client schannel = yes
   server schannel = yes
   client signing = auto
   server signing = auto

Domain Trust fails in the check_ntlm_password routine.
Comment 1 Björn Jacke 2009-10-15 17:02:57 UTC
sorry for the long period of silence here.

do you have a chance to test with the latest 3.3 or the upcoming 3.4.3 release? There are numerous trust fixes in there.