[Samba] "lanman auth" question
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Oct 2 22:49:04 UTC 2017
lanman should always be disabled. use "testparm -v" to make sure the
settings are applied as you expect. With different samba versions, the
defaults may change.
I don't think you can disable ntlmv1 but leave ntlmv2 enabled. I could
be wrong. NTLMv2 is stronger. And I think clients will
negotiate the strongest common protocol. If you are in a small
network where you can see what is getting added, and you are using
ethernet switches (not ethernet hubs) to minimize packet capture, you
should be OK. (unless you are designing the next stealth
fighter.) Best practices would dictate NTLMv2 if possible.
I would try disabling lanman, leaving ntlm enabled and see if the xerox
works.
On 10/02/17 17:16, ToddAndMargo via samba wrote:
> Hi All,
>
> Server:
> Fedora 26
> samba-4.6.8-0.fc26.x86_64
>
> Workstations (5 of them):
> XP Pro SP3
>
>
> I set all five of my customer XP workstations to
>
> Send NTLMv2 response only\\refuse LM and NTLM
>
> and turned off (smb.conf)
>
> lanman auth = yes
> ntlm auth = yes
>
> And had to turn it right back on as the customer's
> Xerox Workcentre 3550 multifunction printer scanner
> requires it
>
> What are the security ramification to Samba?
>
> Many thanks,
> -T
> Tony Ewell, B.S.E.E.
> Owner, Rent-A-Nerd Computer Services
> 775-265-5150, 9:00 am to 5:00 pm PST/PDT
>
>
> Error from the scanner:
>
> Destination 1 : Status....Failed
> Status Details : username or password is wrong
> Friendly Name : WorkCenter
> Server Name : 192.168.255.12
> Path : scans
> Protocol : SMB
> Filing Policy : CHANGENAME
> Document Name : 1
>
>
>
>
>
More information about the samba
mailing list