Hi Shirish,
On Tue, 30 Nov 2010, Shirish Pargaonkar wrote:
On Tue, Nov 30, 2010 at 7:35 AM, Robbert Kouprie <robbert@xxxxxx> wrote:
Here is an overview of what I tested:
2 ) 2008 (+DF 2008 (+DFS)
NTLM (1) OK OK
NTLMv2 (1) (2) (2)
NTLMSSP (3) (3) (3)
1 = Fails with "Required key not available"
2 = Fails with "NT_STATUS_INVALID_PARAMETER"
3 = Fails with "NT_STATUS_NOT_SUPPORTED"
I will send you some detailed logs and pcaps off-list.
Regards,
Robbert
This is strange wrt ntlmssp. In negotiate protocol response, server
does state NTLMSSP as one of the mechanism types.
It must be related to bits in flag2 that that client sends in type 1 ntlmssp
session setup that server eitther expects from client but is missing or
does not support/like one of the flags2 bits.
Is 10.0.0.7 a box that runs cifs client?
Yes, 10.0.0.7 is an Debian box with vanilla 2.6.37-rc3 kernel and
mount.cifs 4.5.
ntlmv2 is not going to work as it is against Windows 2008, it will return
invalid parameter error.
Jeff Layton had pointed to this which you can try (I have not tried it yet)
http://support.microsoft.com/kb/957441/en-us
Ok, this registry fix indeed fixes mount.cifs sec=ntlmv2 auth on
both my 2008 and 2008R2 DC's.
So, now I have:
2003sp2 2008r2 (+DFS) 2008 (+DFS)
NTLM (1) OK OK
NTLMv2 (1) OK(2) OK(2)
NTLMSSP (3) (3) (3)
1 = Fails with "Required key not available"
2 = Works after applying KB957441 regfix on DC's
3 = Fails with "NT_STATUS_NOT_SUPPORTED"
Do you also have an idea on (1), the resolving problem?
Best regards,
Robbert
