The Samba-Bugzilla – Bug 5134
Samba domain cannot trust NT4 domain using NTLMv2 authentication
Last modified: 2018-12-09 16:59:13 UTC
When the NTLMv2 authentication requirements are turned on, both in the NT4 and also in the Samba domain, the inter-domain trust breaks.
Steps to replicate:
Setup NT4 Domain using a Windows NT4 Server, upgrade to SP6a (NTDOM)
Disable LanMan support
Setup Samba Domain using Samba 3.0.27, with winbindd enabled (SMBDOM)
Enable the following items in smb.conf
ntlm auth = no
lanman auth = no
client plaintext auth = no
client lanman auth = no
client ntlmv2 auth = yes
client schannel = yes
server schannel = yes
client signing = auto
server signing = auto
Domain Trust fails in the check_ntlm_password routine.
sorry for the long period of silence here.
do you have a chance to test with the latest 3.3 or the upcoming 3.4.3 release? There are numerous trust fixes in there.
ntlmv2 and trusts work these days.