Red Hat Bugzilla – Bug 221907
Vista login problems
Last modified: 2007-11-30 17:07:27 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/20061204 Firefox/188.8.131.52
Description of problem:
The background of this bug is the unability to authenticate Vista users (without modifying the basic settings) to a product called SME Server (www.smeserver.org), which is based on CentOS, which in term is based on Redhat. I reported this bug (as I found the problem in their forums), to their bugtracker: http://www.contribs.org/bugzilla/show_bug.cgi?id=2256. They in term explained me that the proper place to make my request was the redhat bugtracker so here I go:
On several places on the internet I find reports of users being unable/having probems to authenticate Vista systems against samba servers.
Microsoft seems to have changed their authentification protocol and does by default use raw NTLM v2 response only but Samba does not work with this setting. A workaround is to change the Vista settings like this:
1. Run secpol.msc
2. Go to: Local Policies > Security Options
3. Find “Network Security: LAN Manager authentication level”
4. Change Setting from “Send NTLMv2 response only” to “Send LM & NTLM - use NTLMv2 session security if negotiated”
As this is a workaround there is a way to authenticate Vista systems against older Samba servers, but the changelog of Samba states that this issue is fixed in version 3.0.23:
Theire changelog (http://www.samba.org/samba/history/samba-3.0.23.html) states the following:
o Andrew Bartlett
* Support raw NTLMSSP authentication for Windows Vista
I would prefer to have the suggested release of Samba to be in the base of Redhat so that it is incorporated in releases of CentOS and subsequently in SME Server releases as I think it is worth a thing or two that Vista users have no problems authenticating to samba servers.
Version-Release number of selected component (if applicable):
samba < 3.0.23
Steps to Reproduce:
Based on comments in the contribs bugtracker:
- I changed the version to 4 as this is what SME Server base architecture
depends on (CentOS 4).
- The version of Samba that is currently used in SME Server/CentOS 4 is
The patch seems to be documented here:
Date: 2005-08-02 06:36:42 +0000 (Tue, 02 Aug 2005)
New Revision: 8912
Samba 3.0 was failing from a Vista client, because it was using 'raw'
NTLMSSP (not wrapped in SPNEGO). We really should have supported this
anyway, but we got away with it for a while...
There is a correction to this patch as well:
http://lists.samba.org/archive/samba-cvs/2005-August/059729.html fixing a
created memory leak.
Vista compatibility issues are being address in the next release.
Can you test the packages in the beta channel and report if they fixes the
problem as expected?
I'm sorry can't test it, because RH doesn't have money for Windows Vista :-( .
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.