[Samba] smbclient NT_STATUS_NTLM_BLOCKED
Christopher Cox
chriscox at endlessnow.com
Fri Nov 3 14:29:09 UTC 2023
On 11/3/23 08:10, Rowland Penny via samba wrote:
> On Fri, 3 Nov 2023 12:27:57 +0100
> cYuSeDfZfb cYuSeDfZfb via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I have configured my (RHEL9) standalone samba server with "ntlm auth =
>> disabled" because we understand that ntlm should be disabled nowadays.
>>
>> However, we can no longer use smbclient (4.17) to connect to that
>> server, as:
>>
>> session setup failed: NT_STATUS_NTLM_BLOCKED
>>
>> We have also set these on the server:
>> client signing = mandatory | server signing = mandatory | smb
>> encrypt = mandatory
>>
>> How dangerous would it be to keep ntlm enabled? We do need to support
>> smbclient access. What else can we do to enable smbclient access?
>>
>> Thank you!
>
> I think you are confusing NTLMv1 (which you shouldn't use) and NTLMv2.
> Samba has had NTLMv1 turned off since 4.7.0 , if you want file sharing,
> you need NTLMv2.
While there is talk in the "Windows world" of getting rid of NTLMv2 altogether,
it is very entrenched in the whole AD system today. IMHO, this goes away when
the whole existing "Windows way" is migrated completely to "cloud". Which is
something Microsoft is striving for, there's just a lot of work to do.
More information about the samba
mailing list