Bug 5134 - Samba domain cannot trust NT4 domain using NTLMv2 authentication
Summary: Samba domain cannot trust NT4 domain using NTLMv2 authentication
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.27
Hardware: x86 FreeBSD
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-12-10 11:40 UTC by Aaron J. Zirbes (mail account dead)
Modified: 2018-12-09 16:59 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Aaron J. Zirbes (mail account dead) 2007-12-10 11:40:15 UTC
When the NTLMv2 authentication requirements are turned on, both in the NT4 and also in the Samba domain, the inter-domain trust breaks.

Steps to replicate:

Setup NT4 Domain using a Windows NT4 Server, upgrade to SP6a (NTDOM)
Enable NTLMv2
Disable LanMan support

Setup Samba Domain using Samba 3.0.27, with winbindd enabled (SMBDOM)

Enable the following items in smb.conf
   ntlm auth = no
   lanman auth = no
   client plaintext auth = no
   client lanman auth = no
   client ntlmv2 auth = yes
   client schannel = yes
   server schannel = yes
   client signing = auto
   server signing = auto

Domain Trust fails in the check_ntlm_password routine.
Comment 1 Björn Jacke 2009-10-15 17:02:57 UTC
sorry for the long period of silence here.

do you have a chance to test with the latest 3.3 or the upcoming 3.4.3 release? There are numerous trust fixes in there.
Comment 2 Björn Jacke 2018-12-09 16:59:13 UTC
ntlmv2 and trusts work these days.