From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 20 Apr 2016 16:44:21 +0000 (+0200)
Subject: auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
X-Git-Tag: samba-4.2.12~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abbb1ab296b6f891bd73ea95ddab02da0b7ec79b;p=thirdparty%2Fsamba.git

auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections

Enforcement of SMB signing is done at the SMB layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d97b347d041f9b5c0aa71f35526cbefd56f3500b)
---

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 8b367fc401e..b423f20cfbd 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -843,8 +843,11 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
 		 * Without this, Windows will not create the master key
 		 * that it thinks is only used for NTLMSSP signing and
 		 * sealing.  (It is actually pulled out and used directly)
+		 *
+		 * We don't require this here as some servers (e.g. NetAPP)
+		 * doesn't support this.
 		 */
-		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
+		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
 	}
 	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
 		ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;