Andrew Bartlett wrote:
On Thu, 2004-12-23 at 19:46, Torbjorn Tornkvist wrote:
Andrew Bartlett wrote:
On Wed, 2004-12-22 at 22:04, Tobbe wrote:
Hi,
I wonder if it is possible to setup Samba (client or server)
to use SMB signing (without NTLMv2, NTLMSSP etc).
I've been trying to do this by setting 'Digital Signing' as a
requirement on my Windows 2000/2003 servers. With Samba 2.x,
SMB signing seem to not be supported, with Samba 3.x I get this
NTLMSSP stuff.
And what is wrong with that?
It's nothing wrong with that.
I just wanted to study how SMB signing is done and the NTLMSSP stuff
confuses me.
Then simply turn it off. 'use spnego = no' on the server and 'client
use spnego = no' for the client.
The reason for my question was that, by looking into the
CIFS-SNIA tech.ref, it seems that SMB signing should work with just
NT/LM (v1 ?) authentication.
Another question: Does anyone know if the MAC-key (used for
the signing) is the same as the NT/LM-session key ?
It is. See the Samba4 code for a bit more detail, there are a few
things that are not quite as you might expect, mostly regarding the 'NT
response' that should form part of the calculation.
Ok, thanx a lot !
Do you know if the NTLMSSP stuff is specified anywhere ?
I 've noticed that there is an RFC for SPNEGO.
Cheers, Tobbe
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
