Bug 221907 - Vista login problems
Vista login problems
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
4.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Simo Sorce
David Lawrence
http://www.contribs.org/viewtopic.php...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-08 15:38 EST by Jonathan Martens
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHEA-2007-0698
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 11:14:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jonathan Martens 2007-01-08 15:38:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1

Description of problem:
The background of this bug is the unability to authenticate Vista users (without modifying the basic settings) to a product called SME Server (www.smeserver.org), which is based on CentOS, which in term is based on Redhat. I reported this bug (as I found the problem in their forums), to their bugtracker: http://www.contribs.org/bugzilla/show_bug.cgi?id=2256. They in term explained me that the proper place to make my request was the redhat bugtracker so here I go:

On several places on the internet I find reports of users being unable/having probems to authenticate Vista systems against samba servers.

Microsoft seems to have changed their authentification protocol and does by default use raw NTLM v2 response only but Samba does not work with this setting. A workaround is to change the Vista settings like this:

1. Run secpol.msc
2. Go to: Local Policies > Security Options
3. Find “Network Security: LAN Manager authentication level”
4. Change Setting from “Send NTLMv2 response only” to “Send LM & NTLM - use NTLMv2 session security if negotiated”

As this is a workaround there is a way to authenticate Vista systems against older Samba servers, but the changelog of Samba states that this issue is fixed in version 3.0.23: 

Theire changelog (http://www.samba.org/samba/history/samba-3.0.23.html) states the following:

o   Andrew Bartlett 
    * Support raw NTLMSSP authentication for Windows Vista 
      clients.

I would prefer to have the suggested release of Samba to be in the base of Redhat so that it is incorporated in releases of CentOS and subsequently in SME Server releases as I think it is worth a thing or two that Vista users have no problems authenticating to samba servers.

Version-Release number of selected component (if applicable):
samba < 3.0.23

How reproducible:
Didn't try


Steps to Reproduce:


Actual Results:


Expected Results:


Additional info:
Comment 1 Jonathan Martens 2007-01-08 16:22:12 EST
Based on comments in the contribs bugtracker:
- I changed the version to 4 as this is what SME Server base architecture
depends on (CentOS 4).
- The version of Samba that is currently used in SME Server/CentOS 4 is
samba-3.0.10-1.4E.9.

The patch seems to be documented here:
http://lists.samba.org/archive/samba-cvs/2005-August/059728.html: 

"Author: abartlet
Date: 2005-08-02 06:36:42 +0000 (Tue, 02 Aug 2005)
New Revision: 8912

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8912

Log:
Samba 3.0 was failing from a Vista client, because it was using 'raw'
NTLMSSP (not wrapped in SPNEGO).  We really should have supported this
anyway, but we got away with it for a while...

Andrew Bartlett"
Comment 2 Jonathan Martens 2007-01-08 16:24:09 EST
There is a correction to this patch as well:
http://lists.samba.org/archive/samba-cvs/2005-August/059729.html fixing a
created memory leak.
Comment 3 Simo Sorce 2007-09-12 11:01:11 EDT
Vista compatibility issues are being address in the next release.
Can you test the packages in the beta channel and report if they fixes the
problem as expected?
Comment 8 Josef Kubin 2007-10-22 17:26:54 EDT
I'm sorry can't test it, because RH doesn't have money for Windows Vista :-( .
Comment 10 errata-xmlrpc 2007-11-15 11:14:50 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0698.html

Note You need to log in before you can comment on or make changes to this bug.