Index: samba-3.0.24/source/auth/auth_compat.c =================================================================== --- samba-3.0.24.orig/source/auth/auth_compat.c 2007-02-08 08:01:57.000000000 -0600 +++ samba-3.0.24/source/auth/auth_compat.c 2007-02-08 08:02:08.000000000 -0600 @@ -92,18 +92,25 @@ check if a username/password pair is ok via the auth subsystem. return True if the password is correct, False otherwise ****************************************************************************/ + BOOL password_ok(char *smb_name, DATA_BLOB password_blob) { DATA_BLOB null_password = data_blob(NULL, 0); - BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24); + BOOL encrypted = (global_encrypted_passwords_negotiated && (password_blob.length == 24 || password_blob.length > 46)); if (encrypted) { /* * The password could be either NTLM or plain LM. Try NTLM first, * but fall-through as required. - * NTLMv2 makes no sense here. + * Vista sends NTLMv2 here - we need to try the client given workgroup. */ + if (get_session_workgroup()) { + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, get_session_workgroup(), null_password, password_blob, null_password, encrypted))) { + return True; + } + } + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { return True; } @@ -119,5 +126,3 @@ return False; } - - Index: samba-3.0.24/source/smbd/password.c =================================================================== --- samba-3.0.24.orig/source/smbd/password.c 2007-02-08 08:01:42.000000000 -0600 +++ samba-3.0.24/source/smbd/password.c 2007-02-08 08:02:08.000000000 -0600 @@ -23,6 +23,8 @@ /* users from session setup */ static char *session_userlist = NULL; static int len_session_userlist = 0; +/* workgroup from session setup. */ +static char *session_workgroup = NULL; /* this holds info on user ids that are already validated for this VC */ static user_struct *validated_users; 
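Review bot: The widened test `password_blob.length > 46` in `password_ok` uses an unexplained threshold with no upper bound, so every longer blob from the client is now routed to the encrypted path. A named constant with a comment saying what 46 stands for (presumably the smallest NTLMv2 response the code expects to see) would make the check auditable. The new block also calls `get_session_workgroup()` twice and repeats the identical `pass_check_smb` call when the client's workgroup equals `lp_workgroup()`, which doubles the failed attempt if the backend counts failures. Reading it once, as in `const char *client_wg = get_session_workgroup();` followed by `if (client_wg && !strequal(client_wg, lp_workgroup())) {`, avoids both. The body of `password_ok` continues past the end of this hunk, so the later fall-through attempts are not visible here.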
@@ -406,6 +408,29 @@ } /**************************************************************************** + In security=share mode we need to store the client workgroup, as that's + what Vista uses for the NTLMv2 calculation. +****************************************************************************/ + +void add_session_workgroup(const char *workgroup) +{ + if (session_workgroup) { + SAFE_FREE(session_workgroup); + } + session_workgroup = smb_xstrdup(workgroup); +} + +/**************************************************************************** + In security=share mode we need to return the client workgroup, as that's + what Vista uses for the NTLMv2 calculation. +****************************************************************************/ + +const char *get_session_workgroup(void) +{ + return session_workgroup; +} + +/**************************************************************************** Check if a user is in a netgroup user list. If at first we don't succeed, try lower case. ****************************************************************************/ Index: samba-3.0.24/source/smbd/sesssetup.c =================================================================== --- samba-3.0.24.orig/source/smbd/sesssetup.c 2007-02-08 08:01:38.000000000 -0600 +++ samba-3.0.24/source/smbd/sesssetup.c 2007-02-08 08:02:08.000000000 -0600 @@ -1035,6 +1035,7 @@ map_username(sub_user); add_session_user(sub_user); + add_session_workgroup(domain); /* Then force it to null for the benfit of the code below */ *user = 0; }
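Review bot: `add_session_workgroup` passes `workgroup` straight to `smb_xstrdup` with no NULL or empty-string check, and its header comment does not say that the stored value is client-supplied and unauthenticated. The function replaces the previous value rather than adding one, and the pointer handed out by `get_session_workgroup` becomes dangling after the next call, so both facts belong in the comments, for example `/* Replaces any earlier value; the string comes from the client and is not yet authenticated. */` and `/* Returned pointer is owned here and invalidated by the next add_session_workgroup(). */`. The `if (session_workgroup)` guard is redundant because `SAFE_FREE` already tests for NULL. Treating a NULL or empty argument as "clear the stored workgroup" would keep `password_ok` from attempting a check against an empty domain.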
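Review bot: The added `add_session_workgroup(domain);` in sesssetup.c records a string taken from the session setup request before any credential has been verified, and nothing at the call site says so. Because the value lives in a process-wide static, a later session setup on the same connection silently replaces it and `password_ok` will use whichever came last. A comment such as `/* client-supplied, unauthenticated: used only as the NTLMv2 domain input in share mode */` would record that assumption. The enclosing block starts outside this hunk, so it is not visible whether this path is reached only for security=share or whether `domain` can be empty here; both should be confirmed.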