--- /dev/null
+From b413a09fa5b927102655a8332e95a64a80e57825 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Thu, 21 Jul 2011 21:15:38 +0200
+Subject: [PATCH 1/2] PATCHSET19: s3:libsmb: don't pass cli->called.name to
+ NTLMv2_generate_names_blob()
+
+cli->called.name is never initialized, so this change doesn't change
+the behavior. And this behavior seems to be correct, see
+commit 29c0c37691da10bf061ba90a5b31482bda2fa486
+s4/libcli: do not use netbios name in NTLMv2 blobs w/o spnego.
+
+metze
+
+(cherry picked from commit 392ddf970c8f8486e79eec5214ed49912e344e09)
+---
+ source3/libsmb/cliconnect.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
+index 8653ba7..38ae230 100644
+--- a/source3/libsmb/cliconnect.c
++++ b/source3/libsmb/cliconnect.c
+@@ -862,11 +862,11 @@ static struct tevent_req *cli_session_setup_nt1_send(
+ /*
+ * note that the 'workgroup' here is a best
+ * guess - we don't know the server's domain
+- * at this point. The 'server name' is also
+- * dodgy...
++ * at this point. Windows clients also don't
++ * use hostname...
+ */
+ names_blob = NTLMv2_generate_names_blob(
+- NULL, cli->called.name, workgroup);
++ NULL, NULL, workgroup);
+
+ if (tevent_req_nomem(names_blob.data, req)) {
+ return tevent_req_post(req, ev);
+--
+2.1.0
+
+
+From 1415733b6cfeba129e1459ef55a0a12a5dec0fa3 Mon Sep 17 00:00:00 2001
+From: Christian Ambach <christian.ambach@de.ibm.com>
+Date: Thu, 7 Apr 2011 14:05:04 +0200
+Subject: [PATCH 2/2] PATCHSET19: s4/libcli: do not use netbios name in NTLMv2
+ blobs w/o spnego
+
+I have seen domain controllers rejecting NTLMv2 blobs presented to
+NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName
+was a FQDN or an IP address
+
+I have not seen this field in NTLMv2 blobs send by Windows clients
+when extended security was not available, so omitting the field
+makes Samba similar to Windows.
+
+This prevents errors with some smbtorture testcases that disable
+spnego and when a target name is specified that is not a valid
+netbios name.
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User: Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
+(cherry picked from commit 29c0c37691da10bf061ba90a5b31482bda2fa486)
+---
+ source4/libcli/smb_composite/sesssetup.c | 26 ++++++++++++++++++++++----
+ 1 file changed, 22 insertions(+), 4 deletions(-)
+
+diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
+index e1159a4..ebc3598 100644
+--- a/source4/libcli/smb_composite/sesssetup.c
++++ b/source4/libcli/smb_composite/sesssetup.c
+@@ -280,8 +280,17 @@ static NTSTATUS session_setup_nt1(struct composite_context *c,
+ struct smbcli_request **req)
+ {
+ NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
+- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
+- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
++ struct sesssetup_state *state = talloc_get_type(c->private_data,
++ struct sesssetup_state);
++ const char *domain = cli_credentials_get_domain(io->in.credentials);
++
++ /*
++ * domain controllers tend to reject the NTLM v2 blob
++ * if the netbiosname is not valid (e.g. IP address or FQDN)
++ * so just leave it away (as Windows client do)
++ */
++ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
++
+ DATA_BLOB session_key = data_blob(NULL, 0);
+ int flags = CLI_CRED_NTLM_AUTH;
+
+@@ -353,9 +362,18 @@ static NTSTATUS session_setup_old(struct composite_context *c,
+ struct smbcli_request **req)
+ {
+ NTSTATUS nt_status;
+- struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
++ struct sesssetup_state *state = talloc_get_type(c->private_data,
++ struct sesssetup_state);
+ const char *password = cli_credentials_get_password(io->in.credentials);
+- DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
++ const char *domain = cli_credentials_get_domain(io->in.credentials);
++
++ /*
++ * domain controllers tend to reject the NTLM v2 blob
++ * if the netbiosname is not valid (e.g. IP address or FQDN)
++ * so just leave it away (as Windows client do)
++ */
++ DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, NULL, domain);
++
+ DATA_BLOB session_key;
+ int flags = 0;
+ if (session->options.lanman_auth) {
+--
+2.1.0
+