Package: samba Version: 4.1.17+dfsg-2
Severity: important I'm re-submitting because I don't think it liked me adding the Tags: fixed-upstream pseudo-header. Having spent the last day enabling additional debugging output, and manually decoding NTLM packets, I've come across a likely root cause for my woes: https://bugzilla.samba.org/show_bug.cgi?id=10016 The solutions for this bug include: Using the updated Samba which allows improved client security to function, forcibly downgrading security on all clients to older (vulnerable) versions of the NTLM protocol, requiring stored passwords and plain text auth via PAM instead of accounts (single sign on won't work). The included patch exists in 4.1.18 and 4.2.1+ https://www.samba.org/samba/history/samba-4.1.18.html https://www.samba.org/samba/history/samba-4.2.0.html << Note: not included, but other nice things. https://www.samba.org/samba/history/samba-4.2.1.html
