Neal K.Groothuis
2004-Jul-09 21:24 UTC
[Samba] NTLMv2 Authentication fails on domain member servers
Hello, I'm having some issues with getting NTLMv2 authentication working, and I thought you might be able to help. I've got a Windows XP Pro client machine trying to access shares on a domain member server running Samba. (Both the domain member server and the PDC are running Samba 3.0.4.) The XP machine is by default configured to use NTLMv2 for authentication, but that fails when I'm trying to access shares on the domain member server. However, it works when I'm accessing shares on the PDC itself. Alternatively, this works if I allow the XP machine to use NTLM authentication. Has anyone else run into this issue and/or have any workarounds for it? I know that there were issues previously with using NTLMv2 only with a Samba PDC, but according to the Changelog, that bug was fixed in 3.0.3. Thanks!
Andrew Bartlett
2004-Jul-22 00:54 UTC
[Samba] NTLMv2 Authentication fails on domain member servers
On Sat, 2004-07-10 at 07:24, Neal K.Groothuis wrote:> Hello, > > I'm having some issues with getting NTLMv2 authentication working, and > I thought you might be able to help. I've got a Windows XP > Pro client machine trying to access shares on a domain member server > running Samba. (Both the domain member server and the PDC > are running Samba 3.0.4.) The XP machine is by default configured to > use NTLMv2 for authentication, but that fails when I'm trying to access > shares on the domain member server. However, it works when I'm > accessing shares on the PDC itself. Alternatively, this works if I > allow the > XP machine to use NTLM authentication. Has anyone else run into this > issue and/or have any workarounds for it? I know that there were > issues previously with using NTLMv2 only with a Samba PDC, but > according to the Changelog, that bug was fixed in 3.0.3.Can you give me more details on this? I thought NTLMv2 was working everywhere - and the domain member really should not break it, as it just forwards things on. The one thing that *will* break it is 'username map'. If that's not in use, please send me some logs (CC me, I don't follow this list all the time) and I'll see if I can understand what's up... Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040722/66222b0e/attachment.bin