From d97492e42a65540febae93dd0255b91d034f9def Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 13 Dec 2010 12:40:25 +1100
Subject: [PATCH] s3-libsmb Improve error message when denying LM encryption

Now that 'client ntlmv2 auth = yes' is the default, make it more clear
what options a user may need to enable to get this to work.

Andrew Bartlett
---
 source3/libsmb/cliconnect.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 65f6924a688d..ec9ff58a173c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1399,15 +1399,15 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
 	if (cli->protocol < PROTOCOL_NT1) {
 		if (!lp_client_lanman_auth() && passlen != 24 && (*pass)) {
-			DEBUG(1, ("Server requested LM password but 'client lanman auth'"
-				  " is disabled\n"));
+			DEBUG(1, ("Server requested LM password but 'client lanman auth = no'"
+				  " or 'client ntlmv2 auth = yes'\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
 		if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 &&
 		    !lp_client_plaintext_auth() && (*pass)) {
-			DEBUG(1, ("Server requested plaintext password but "
-				  "'client plaintext auth' is disabled\n"));
+			DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+				  " or 'client ntlmv2 auth = yes'\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
@@ -1433,8 +1433,8 @@ NTSTATUS cli_session_setup(struct cli_state *cli,
 
 	if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
 		if (!lp_client_plaintext_auth() && (*pass)) {
-			DEBUG(1, ("Server requested plaintext password but "
-				  "'client plaintext auth' is disabled\n"));
+			DEBUG(1, ("Server requested LM password but 'client plaintext auth = no'"
+				  " or 'client ntlmv2 auth = yes'\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 		return cli_session_setup_plaintext(cli, user, pass, workgroup);
@@ -1609,7 +1609,7 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
 		if (!lp_client_lanman_auth()) {
 			DEBUG(1, ("Server requested LANMAN password "
 				  "(share-level security) but "
-				  "'client lanman auth' is disabled\n"));
+				  "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
 			goto access_denied;
 		}
 
@@ -1625,8 +1625,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
 		   == 0) {
 			if (!lp_client_plaintext_auth() && (*pass)) {
 				DEBUG(1, ("Server requested plaintext "
-					  "password but 'client plaintext "
-					  "auth' is disabled\n"));
+					  "password but "
+					  "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
 				goto access_denied;
 			}
 
-- 
2.34.1