NTLMv2 in NTLMSSP! (was: Re: NTLMv2 support for NT4 and Win2k Clients)

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Mon, 27 May 2002 01:04:49 +1000

Andrew Bartlett wrote:
>
> Just a quick note:
>
> I finally got around to testing NTLMv2 support for NT and Win2k
> clients. The basic news is that it works. The restrictions are that
> for win2k it must be run with the 'use spnego = false' smb.conf option.
> (Without this Win2k will attempt to use NTLMSSP, where we don't yet know
> how to specify NTLMv2 support correctly).

Adding this was actually quite easy. NTLMv2 requires certain
information in order to create the response, part of that is the
server's name and domain. This needs to be encoded in NTLMSSP. We now
do that.

LMCompatibilityLevel=5 is now perfectly fine with a samba server.

The whole NTLMSSP area is a *mess*. It needs a big cleanup, and a lot
of different cases need to be filled out. We have a myriad of options,
most of which we don't support.

I'm also not convinced the 'trivial' RPC decoder is up to the task, but
I'll talk to tridge on that one.

> I also don't expect password changes to work, due to the same issue with
> NTLMSSP on the pipes.

Password changes do work. (tested)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
Received on Sun May 26 2002 - 09:05:12 MDT
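
The dependency described in the message (the NTLMv2 response needs the server's name and domain, carried in the NTLMSSP challenge) is sketched below as an added example; it is not Samba's code and not part of the original post. The AV_PAIR ids and blob layout follow MS-NLMP, the function names are hypothetical, and the NT hash and challenges are constructed values.

```python
import hashlib, hmac, struct

# AV_PAIR ids as defined in MS-NLMP (assumption: not taken from the post)
AV_EOL, AV_NB_COMPUTER, AV_NB_DOMAIN = 0, 1, 2

def build_target_info(server, domain):
    """Encode the server's name and domain as AV_PAIRs for the challenge."""
    out = b""
    for av_id, name in ((AV_NB_DOMAIN, domain), (AV_NB_COMPUTER, server)):
        raw = name.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(raw)) + raw
    return out + struct.pack("<HH", AV_EOL, 0)

def parse_target_info(data):
    """Walk the AV_PAIR list, rejecting truncated or unterminated input."""
    pairs, off = {}, 0
    while off + 4 <= len(data):
        av_id, length = struct.unpack_from("<HH", data, off)
        off += 4
        if av_id == AV_EOL:
            return pairs
        if off + length > len(data):
            raise ValueError("AV_PAIR value runs past end of buffer")
        pairs[av_id] = data[off:off + length].decode("utf-16-le")
        off += length
    raise ValueError("target info has no terminating AV_PAIR")

def _v2_key(nt_hash, user, domain):
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()

def ntlmv2_response(nt_hash, user, domain, srv_chal, cli_chal, ts, target_info):
    """Client side: the blob carries the target info the server sent."""
    blob = (b"\x01\x01" + bytes(6) + struct.pack("<Q", ts) + cli_chal
            + bytes(4) + target_info + bytes(4))
    proof = hmac.new(_v2_key(nt_hash, user, domain), srv_chal + blob, hashlib.md5)
    return proof.digest() + blob

def verify_ntlmv2(nt_hash, user, domain, srv_chal, response):
    """Server side: recompute the 16-byte proof over challenge + blob."""
    proof, blob = response[:16], response[16:]
    want = hmac.new(_v2_key(nt_hash, user, domain), srv_chal + blob, hashlib.md5)
    return hmac.compare_digest(proof, want.digest())

# Constructed sample values, not from the post
NT_HASH = bytes(range(16))
INFO = build_target_info("SERVER", "DOMAIN")
RESP = ntlmv2_response(NT_HASH, "user", "DOMAIN", b"S" * 8, b"C" * 8, 0, INFO)
print(parse_target_info(INFO), verify_ntlmv2(NT_HASH, "user", "DOMAIN", b"S" * 8, RESP))
```

Because the target info sits inside the blob that the HMAC covers, changing the server name, the domain, or the server challenge after the fact makes verification fail.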
