[Samba] NTLMv2 Authentication
Gerald (Jerry) Carter
jerry at samba.org
Wed Jun 8 14:13:21 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
d.a.glynos wrote:
| On Wed, 8 Jun 2005, Gerald (Jerry) Carter wrote:
|>d.a.glynos wrote:
|>
|>| Is there a (safe) way to strip all LM hashes from
|>| the password database and retain/use just the NTLM ones?
|>
|>You can set 'lanman auth = no' in smb.conf.
|
| I'm aware of this, IIRC it stops samba from
| using the old LM hashes. But is there a way of
| deleting the LM hashes completely from the database?
| Is there a "safe" value to reset them to? I don't
| want samba thinking these are disabled accounts :-)
You can set the lanman hash to a string of 32 X's.
It's a little difficult to do this using tdbsam.
If you don't have any custom per user information,
you can pipe the output from pdbedit -L -w to an
smbpasswd, edit the file and then use pdbedit
to re-import them to a new tdbsam.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCpv0BIR7qMdg1EfYRAuMPAJ91+hPh1C0KNxlGtayAE+CZFDxGlACfRAkU
WBz3ux1RhxIyQ+Tbk0om5R0=
=XtBX
-----END PGP SIGNATURE-----
More information about the samba
mailing list