samba - Dec 2001 - NTLM, NTLMv2, lmcompatibilitylevel >=2 doesnt work

Hi,

I'm wondering if samba supports NTLMv2, particullary NTLMv2 session
security.

But I can't even get NTLM-only to work :(.
I'm trying to increase lmcompatibilitylevel, but I can't connect to the
samba server
anymore when I set it to 2 or higher ("Send NTLM authenication only").

I'm using HEAD CVS of today, and my smb.conf looks like this:
[global]
        workgroup = WORKGROUP
        server string = Blablabla
        interfaces = 192.168.5.0/24
        log file = /var/log/samba/smbd.%m
        max log size = 1000
        time server = Yes
        socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = No
        dns proxy = No
        lanman auth = Yes
        ntlm auth = Yes
(and the shares etc)
(oh and lanman auth = No didnt solve anything IIRC)

The client machine is W2K+SP2.
When I do a "net use k: \\smbserv\temp" Ethereal/tcpdump shows
a SMBnegprot request, reply, SMBsessionsetupX request, reply and then
the w2k client closes the tcp connection.

The eventlog show something like (translated from dutch):
"The redirector cannot initialize the properties of the securitycontext or
querycontext."

Thanks,

    Bram Matthys.

PS: Please CC as I'm not subscribed to the list (the subscribe thing online
gives a timeout and
a subscribe mail to samba-request@lists.samba.org doesn't work [not sure if
should work anyway]).

Hey guys,

Our Server have samba 2.0.6 in a Redhat linux 6.2. The workstations are 
win9x and me.  My concern is that our server is running out off hard disk 
space because the desktop, Application data folder, my document , etc. is 
being copied on the server.  I just want to know how to remove this feature 
or at least limit it.

Thanks anyway and Merry Christmas.





Sincerely yours,



Ronald Doblan
Technical Staff

Tridel Technologies, Inc.
7th Floor Hanston Building
Emerald Ave., Ortigas Center
Pasig City

Tel: (632) 634-5140 to 43
Fax: (632) 634-5139

On Sun, 23 Dec 2001, Syzop wrote:
> Hi,
>
> I'm wondering if samba supports NTLMv2, particullary NTLMv2 session
security.
Nope.  Not in the 2.2.x release branch.  There is an experiemntal (but not
very tested) implementation of it in the HEAD branch.
> But I can't even get NTLM-only to work :(.
> I'm trying to increase lmcompatibilitylevel, but I can't connect to
the samba server
> anymore when I set it to 2 or higher ("Send NTLM authenication
only").
>
> I'm using HEAD CVS of today, and my smb.conf looks like this:
Try against 2.2.x.  Just out of curiousity.  There may be some bugs there.
> (oh and lanman auth = No didnt solve anything IIRC)
It wouldn't.  I only chnges the way we check passwords.
Nothing about protocol negotiation.
> The eventlog show something like (translated from dutch): "The
> redirector cannot initialize the properties of the securitycontext or
> querycontext."












chau, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN
0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

The problem is the spnego stuff.  The win2k machine attempts to
negotiate ntlmv2 etc, and we keep seending back the same old stuff. 
This area needs a *lot* of work.

Try it with 'use spnego = false' and see how far you get.

I need to take a closer look at this at some stage...

Andrew Bartlett

Syzop wrote:
> 
> Hi,
> 
> I'm wondering if samba supports NTLMv2, particullary NTLMv2 session
security.
> 
> But I can't even get NTLM-only to work :(.
> I'm trying to increase lmcompatibilitylevel, but I can't connect to
the samba server
> anymore when I set it to 2 or higher ("Send NTLM authenication
only").
> 
> I'm using HEAD CVS of today, and my smb.conf looks like this:
> [global]
>         workgroup = WORKGROUP
>         server string = Blablabla
>         interfaces = 192.168.5.0/24
>         log file = /var/log/samba/smbd.%m
>         max log size = 1000
>         time server = Yes
>         socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
>         local master = No
>         dns proxy = No
>         lanman auth = Yes
>         ntlm auth = Yes
> (and the shares etc)
> (oh and lanman auth = No didnt solve anything IIRC)
> 
> The client machine is W2K+SP2.
> When I do a "net use k: \\smbserv\temp" Ethereal/tcpdump shows
> a SMBnegprot request, reply, SMBsessionsetupX request, reply and then
> the w2k client closes the tcp connection.
> 
> The eventlog show something like (translated from dutch):
> "The redirector cannot initialize the properties of the
securitycontext or querycontext."
> 
> Thanks,
> 
>     Bram Matthys.
> 
> PS: Please CC as I'm not subscribed to the list (the subscribe thing
online gives a timeout and
> a subscribe mail to samba-request@lists.samba.org doesn't work [not
sure if should work anyway]).
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net