On Sat, Dec 6, 2008 at 3:52 PM, Jeremy Allison <jra@xxxxxxxxx> wrote:
> On Sat, Dec 06, 2008 at 03:22:22PM -0500, Michael B Allen wrote:
>> Can Samba 3.0 do raw NTLMSSP without SPNEGO?
>> We just implemented NTLMv2 in JCIFS and we have extended security
>> turned on by default now. But JCIFS is failing with Samba 3.0 now
>> because it the raw NTLMSSP Type1Message blob is being rejected with
> Hmmm, I thought we did that.
>> Does a more recent version of Samba 3.0 support raw NTLMSSP?
> What version are you trying against ? We're currently
> at 3.2.5 you know, not 3.0.anything ?
Yeah, I know - 3.2.x works fine. It's just 3.0.x that looks like it
doesn't like raw NTLMSSP. If I hack all of the the flags and such to
make the Type1Message look exactly like the SPNEGO-wrapped equivalent
Type1Message sent by smbclient, it still fails. So the only difference
looks like SPNEGO.
If you're not sure, then I'll recommend that the customer try to
upgrade to the latest 3.0 and see if that makes any difference.
Michael B Allen
PHP Active Directory SPNEGO SSO