Project

General

Profile

Actions

Bug #5308

closed

Unable to join AD domain (with NtlmMinSeverSec set in the registry)

Added by Gordon Ross over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
2014-11-11
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

The failure is related to this bit:

If you use 0x00080000 for the NtlmMinClientSec value, the connection does not succeed if NTLM 2 session security is not negotiated.
http://support.microsoft.com/kb/239869

We have successfully joined with the setting using 0 and also during a second test with the other bits set:

"ntlmminclientsec"=dword:20000030
"ntlmminserversec"=dword:20000030

Actions #1

Updated by Gordon Ross over 7 years ago

Need to implement "NTLM 2 session security", a.k.a. "extended session security" for NTLMv1, and "key exchange", per [MS-NLMP]

Actions #2

Updated by Electric Monk over 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 85e6b6747d07050e01ec91acef2453655821f9ab

commit  85e6b6747d07050e01ec91acef2453655821f9ab
Author: Gordon Ross <gwr@nexenta.com>
Date:   2014-11-12T19:29:11.000Z

    5308 Unable to join AD domain (with NtlmMinSeverSec set in the registry)
    Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
    Reviewed by: Dan McDonald <danmcd@nexenta.com>
    Reviewed by: Thomas Keiser <thomas.keiser@nexenta.com>
    Reviewed by: Albert Lee <trisk@nexenta.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

Actions

Also available in: Atom PDF