Bug#787773: marked as done (Samba 4 upstream versions 4.1.18 / 4.2.1+ (stable) reportedly fix ntlm_auth NTLMv2 failures)

Sun, 16 Jul 2017 18:18:45 -0700 

Your message dated Mon, 17 Jul 2017 13:14:24 +1200
with message-id <[email protected]>
and subject line Samba 4.2 contains NTLMv2 fixes
has caused the Debian Bug report #787772,
regarding Samba 4 upstream versions 4.1.18 / 4.2.1+ (stable) reportedly fix 
ntlm_auth NTLMv2 failures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
787772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787772
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: samba

Version: 4.1.17+dfsg-2

Severity: important

Tags: fixed-upstream

 

Having spent the last day enabling additional debugging output, and manually
decoding NTLM packets, I've come across a likely root cause for my woes:

 

https://bugzilla.samba.org/show_bug.cgi?id=10016

 

The solutions for this bug include: Using the updated Samba which allows
improved client security to function, forcibly downgrading security on all
clients to older (vulnerable) versions of the NTLM protocol, requiring
stored passwords and plain text auth via PAM instead of accounts (single
sign on won't work).

 

The included patch exists in 4.1.18 and 4.2.1+

 

https://www.samba.org/samba/history/samba-4.1.18.html 

https://www.samba.org/samba/history/samba-4.2.0.html << Note: not included,
but other nice things.

https://www.samba.org/samba/history/samba-4.2.1.html

--- End Message ---
--- Begin Message --- 
Samba 4.2.14 was forced into jessie via a security update for
'backlock',
so this is now fixed in all distributions. 

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

--- End Message ---

Reply via email to