Tompkins, Michael
2013-Oct-28 19:04 UTC
[Samba] Samba 3.6.5 not working with EMC server that only supports NTLM
Samba 3.6.5 client does not train down to plain NTLM if there is no "client ntlmv2 auth = no" statement in the smb.conf file. If the server is configured for just plain NTLM (not NTLMv2), the client will receive a login error, without the smb.conf statement. I know that smbclient 3.6.5 defaults to "client ntlmv2 auth = yes", but the lack of it should be able to login as just NTLM. This is to a EMC server. Mike
Tompkins, Michael
2013-Oct-30 13:04 UTC
[Samba] Samba 3.6.5 not working with EMC server that only supports NTLM
Any ideas on this issue? Was it fixed in later versions of 3.6.x ? This is how
our smbclient is compiled for:
smbclient: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1
(SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.34, with
unknown capability 0x41000000 = 0x13676e75, with unknown capability 0x10000 =
0xb0402, stripped
Again, this is to a EMC NAS Server of which we have no control over configuring.
- Mike
?
?
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Tompkins, Michael
Sent: Monday, October 28, 2013 3:05 PM
To: samba at lists.samba.org
Subject: [Samba] Samba 3.6.5 not working with EMC server that only supports NTLM
Samba 3.6.5 client does not train down to plain NTLM if there is no "client
ntlmv2 auth = no" statement in the smb.conf file. If the server is
configured for just plain NTLM (not NTLMv2), the client will receive a login
error, without the smb.conf statement. I know that smbclient 3.6.5 defaults to
"client ntlmv2 auth = yes", but the lack of it should be able to login
as just NTLM. This is to a EMC NAS server.
Mike
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Andrew Bartlett
2013-Nov-04 06:54 UTC
[Samba] Samba 3.6.5 not working with EMC server that only supports NTLM
On Mon, 2013-10-28 at 19:04 +0000, Tompkins, Michael wrote:> Samba 3.6.5 client does not train down to plain NTLM if there is no > "client ntlmv2 auth = no" statement in the smb.conf file. If the > server is configured for just plain NTLM (not NTLMv2), the client will > receive a login error, without the smb.conf statement. I know that > smbclient 3.6.5 defaults to "client ntlmv2 auth = yes", but the lack > of it should be able to login as just NTLM. This is to a EMC server.It is not possible to 'train down' to plain NTLM, without: - intorucing all the security problems using NTLMv2 was designed to avoid and - increasing the server-side bad password count by two for each failed login Additionally, Windows clients have defaulted to NTLMv2 for quite some time now. They would fail in the same way, unless there is an additional factor, which is how you should investigate this. Do you have other options such as 'client use spnego = false' set, that might be another difference with the presumably working Windows clients? As a start, get a comparative set of network traces between working Windows and failing Samba, and use as close to default set of smb.conf options as possible. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org