When authenticating to a domain-joined Samba server with NTLMv2 from a Windows 7 client, a valid password is being denied. The same request succeeded with NTLMv1. The key to this repro is accessing the server via a hostname so Windows 7 adds an SPN to the target information section of the NTLMv2 Response. After looking at the trace and the code, it seems as though the nt_response field is being truncated to 256 bytes when being packed into the winbindd_request in check_winbind_security(). I'm unsure of the best way to fix this since it's inside the winbindd IPC layer and the interface is not versioned.
Created attachment 4617: pcap showing the behavior. I'm attaching a pcap showing the nt_response field > 256 bytes.
Ok, this is a bug as nt_response is treated as an fstring (static 256 byte char array) in the winbind_request structure.
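An added illustration of the failure mode discussed above (not code from this bug report or from Samba): copying a variable-length NTLMv2 response into a fixed 256-byte field silently drops the tail, and because the NTLMv2 proof is an HMAC-MD5 computed over the server challenge and the whole blob, the receiver can no longer validate a correct password. `struct demo_request`, `pack_truncating`, `pack_checked`, `response_intact` and the out-of-line `extra` buffer are hypothetical names, and the response bytes are constructed filler.

```c
#include <stdio.h>
#include <string.h>
#define FIXED_FIELD 256 /* size of the static char array named in the thread */

/* Hypothetical stand-in for an IPC request; not Samba's winbindd_request. */
struct demo_request {
    unsigned char nt_resp[FIXED_FIELD];
    const unsigned char *extra; /* hypothetical out-of-line buffer */
    size_t nt_resp_len, extra_len;
};

/* Behaviour described in the report: the copy is clamped silently. */
void pack_truncating(struct demo_request *rq, const unsigned char *resp, size_t len) {
    memset(rq, 0, sizeof(*rq));
    rq->nt_resp_len = len < FIXED_FIELD ? len : FIXED_FIELD;
    memcpy(rq->nt_resp, resp, rq->nt_resp_len);
}

/* Length-checked variant: an oversized response travels out of line, intact. */
void pack_checked(struct demo_request *rq, const unsigned char *resp, size_t len) {
    memset(rq, 0, sizeof(*rq));
    if (len <= FIXED_FIELD) {
        memcpy(rq->nt_resp, resp, len);
        rq->nt_resp_len = len;
    } else {
        rq->extra = resp;
        rq->extra_len = len;
    }
}

/* Receiver side: 1 if the request carries exactly the bytes the client sent. */
int response_intact(const struct demo_request *rq, const unsigned char *resp, size_t len) {
    const unsigned char *p = rq->extra ? rq->extra : rq->nt_resp;
    size_t n = rq->extra ? rq->extra_len : rq->nt_resp_len;
    return n == len && memcmp(p, resp, len) == 0;
}

/* Packs a constructed len-byte response (filler bytes, not a real capture). */
int demo(size_t len, int checked) {
    unsigned char resp[512];
    struct demo_request rq;
    for (size_t i = 0; i < sizeof(resp); i++) resp[i] = (unsigned char)(i * 7 + 1);
    (checked ? pack_checked : pack_truncating)(&rq, resp, len);
    return response_intact(&rq, resp, len);
}

int main(void) {
    printf("200B clamp=%d 300B clamp=%d 300B checked=%d\n",
           demo(200, 0), demo(300, 0), demo(300, 1));
}
```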
Created attachment 4619: support large ntlm2 blobs in wbcAuthenticateUserEx(). Could you please try this patch?
patch is not sufficient, hold on.
Created attachment 4620: revised version of that patch
Comment on attachment 4620 (revised version of that patch): Looks good now.
Created attachment 4621: revised version of that patch, now tested and working.
Dan, could you please test that final fix (that also went upstream to master git branch already)? It fixes the issue here.
Karolin, reassigning to you, this absolutely needs to be in 3.4/3.3 in order to support samba member-servers running winbind and clients using ntlmv2 (default in win7).
Pushed. Closing out bug report. Dan, please reopen if it's still an issue. Thanks!
I pulled down master and it now works. Thanks!
Cool, thanks for verifying!