auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections

Enforcement of SMB signing is done at the SMB layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 8b367fc401ecc4d461bf75354aaf01d27850bead..b423f20cfbd4037a7cf7708bb96a2ecae94d7397 100644 (file)
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -843,8 +843,11 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                 * Without this, Windows will not create the master key
                 * that it thinks is only used for NTLMSSP signing and
                 * sealing.  (It is actually pulled out and used directly)
+                *
+                * We don't require this here as some servers (e.g. NetAPP)
+                * doesn't support this.
                 */
-               ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;
+               ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
        }
        if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
                ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SIGN;