LM Compatibility Level
John Ackart
john.ackart at gmail.com
Thu May 22 19:25:13 GMT 2008
Thanks. Found it: Page 55 at
http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NRPC%5D.pdf
Shirish.
On Wed, May 21, 2008 at 11:58 PM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Wed, 2008-05-21 at 10:25 -0700, John Ackart wrote:
> > A quote from this article:
> >
> http://technet2.microsoft.com/windowsserver/en/library/878d2bbf-fa00-4e5a-bd63-781d17cdd3471033.mspx?mfr=true
> >
> > suggests that you can set LM compatibility level to 4 just for the IAS
> > server. Specifically, the article says:
> >
> > "Servers running IAS (or RADIUS) and Routing and Remote Access use
> > NTLMv1 to authenticate their clients' domain credentials. This means
> > domain controllers that need to authenticate those clients cannot be
> > configured to accept only NTLMv2 authentication. However, starting with
> > Windows Server 2003 SP1, it is possible for a domain controller to
> > accept NTLMv1 from servers running IAS and remote access service but
> > NTLMv2-only for all other authentication requests."
> >
> > Does anyone know the mechanism used to achieve this.
>
> The machine running winbind (and passing along NTLMv1 requests as
> NTLMv2) must additionally specify a bit in the SamLogon request to the
> DC.
>
> This is documented in the WSPP docs (somewhere - I did find it!).
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/<http://samba.org/%7Eabartlet/>
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Red Hat Inc. http://redhat.com
>
>
More information about the samba-technical
mailing list