On Thu, 2004-12-23 at 19:46, Torbjorn Tornkvist wrote: > Andrew Bartlett wrote: > > >On Wed, 2004-12-22 at 22:04, Tobbe wrote: > > > > > >>Hi, > >> > >>I wonder if it is possible to setup Samba (client or server) > >>to use SMB signing (without NTLMv2, NTLMSSP etc). > >> > >>I've been trying to do this by setting 'Digital Signing' as a > >>requirement on my Windows 2000/2003 servers. With Samba 2.x, > >>SMB signing seem to not be supported, with Samba 3.x I get this > >>NTLMSSP stuff. > >> > >> > > > >And what is wrong with that? > > > > > It's nothing wrong with that. > I just wanted to study how SMB signing is done and the NTLMSSP stuff > confuses me.
Then simply turn it off. 'use spnego = no' on the server and 'client use spnego = no' for the client. > The reason for my question was that, by looking into the > CIFS-SNIA tech.ref, it seems that SMB signing should work with just > NT/LM (v1 ?) authentication. > > Another question: Does anyone know if the MAC-key (used for > the signing) is the same as the NT/LM-session key ? It is. See the Samba4 code for a bit more detail, there are a few things that are not quite as you might expect, mostly regarding the 'NT response' that should form part of the calculation. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
