Bug 5134 - Samba domain cannot trust NT4 domain using NTLMv2 authentication
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.27
Hardware: x86 FreeBSD
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2007-12-10 11:40 UTC by Aaron J. Zirbes (mail account dead)
Modified: 2018-12-09 16:59 UTC

Description Aaron J. Zirbes (mail account dead) 2007-12-10 11:40:15 UTC
When the NTLMv2 authentication requirements are turned on, both in the NT4 and also in the Samba domain, the inter-domain trust breaks.


Steps to replicate:

Set up NT4 Domain using a Windows NT4 Server, upgrade to SP6a (NTDOM)
Enable NTLMv2
http://support.microsoft.com/kb/239869
Disable LanMan support
http://support.microsoft.com/kb/147706

Set up Samba Domain using Samba 3.0.27, with winbindd enabled (SMBDOM)

Enable the following items in smb.conf
   ntlm auth = no
   lanman auth = no
   client plaintext auth = no
   client lanman auth = no
   client ntlmv2 auth = yes
   client schannel = yes
   server schannel = yes
   client signing = auto
   server signing = auto

Domain Trust fails in the check_ntlm_password routine.
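
Added example (not part of the original report and not Samba code): a small Python audit that parses the [global] section of an smb.conf and reports every parameter that deviates from the NTLMv2-only settings listed in the description above. The function names and the sample configuration are constructed for illustration.

```python
# Auth settings from the report's smb.conf excerpt (the NTLMv2-only profile).
EXPECTED = {
    "ntlm auth": "no", "lanman auth": "no",
    "client plaintext auth": "no", "client lanman auth": "no",
    "client ntlmv2 auth": "yes",
    "client schannel": "yes", "server schannel": "yes",
    "client signing": "auto", "server signing": "auto",
}
# smb.conf booleans accept yes/no, true/false and 1/0; normalise them to yes/no.
_BOOL = {"yes": "yes", "true": "yes", "1": "yes", "no": "no", "false": "no", "0": "no"}

def parse_global(text):
    """Return {parameter: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            value = value.strip().lower()
            # Parameter names are case-insensitive; collapse whitespace runs too.
            params[" ".join(name.lower().split())] = _BOOL.get(value, value)
    return params

def audit(text):
    """Return {parameter: (expected, found)} per deviation; found is None if unset."""
    have = parse_global(text)
    return {k: (want, have.get(k)) for k, want in EXPECTED.items() if have.get(k) != want}

# Constructed sample: LanMan re-enabled, two parameters unset, one commented out.
SAMPLE = """[global]
   ntlm auth = No
   LanMan Auth = yes
   client plaintext auth = false
   client lanman auth = no
   client NTLMv2 auth = yes
   ; client schannel = yes
   server schannel = yes
   client signing = auto
[homes]
   ntlm auth = yes
"""

if __name__ == "__main__":
    for name, (want, found) in audit(SAMPLE).items():
        print(f"{name}: expected {want!r}, found {found!r}")
```

A parameter reported with found None is not set explicitly in [global], so the Samba version's built-in default applies to it.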
Comment 1 Björn Jacke 2009-10-15 17:02:57 UTC
Sorry for the long period of silence here.

Do you have a chance to test with the latest 3.3 or the upcoming 3.4.3 release? There are numerous trust fixes in there.
Comment 2 Björn Jacke 2018-12-09 16:59:13 UTC
NTLMv2 and trusts work these days.