Just a quick note: I finally got around to testing NTLMv2 support for NT and Win2k clients. The basic news is that it works. The restrictions are that for win2k it must be run with the 'use spnego = false' smb.conf option. (Without this Win2k will attempt to use NTLMSSP, where we don't yet know how to specify NTLMv2 support correctly).
I also don't expect password changes to work, due to the same issue with NTLMSSP on the pipes. However, for basic applications, this is functional. Note: further work needs to be done on samba's server end, currently it does not verify all the data, and therefore still permits MITM attacks. Secondly, we need to port the NTLMv2 support for the *client* end across from TNG (where we got the server end). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net