Disabling LM authentication
Gerald Carter
gcarter at valinux.com
Mon Nov 27 17:51:31 GMT 2000
Andrew Bartlett wrote:
>
> Can samba process NTLMv2 passwords? (If not, is the
> effort considerable?)
The code for initial ntlmv2 support is in the old
SAMBA_TNG branch. We just needed the people (resources)
to bring it over. Not really something you can pick up in
a weekend. :-)
> Does samba currently store NTLMv2 passwords?
My limited understanding of ntlmv2 is not that the
passwords are any different. It is just that the protocol
allows for different negotiation options to prevent
man-in-the-middle attacks among other things.
> Does samba support the 128bit encryption (is this
> SSL? or something else)
I think Luke figured out 40-bit encryption for NTLMv2.
Luke wrote a paper on some of this for the past LISA-NT
conference. I'll see if I can find it online somewhere.
> Support for some of these options (and notes to
> indicate what matches to what in configuration files,
> or even better using the same numbers) would greatly
> enhance a network's security.
>
> (Even just allowing the removal of LM passwords
> from the system would benefit system security, if it
> is known no Win9X clients intend to connect)
To disable lanman auth, you should be able to just change
the LanMan password hash field in smbpasswd to
'XXXXX...' (32 X's) but leave the NT Hash intact.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
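
The smbpasswd edit described in the message above, as an added example that is not part of the original post or of Samba's own code. It assumes the colon-separated layout name:uid:LM hash:NT hash:[flags]:LCT-...: and runs on constructed entries whose hash values are made-up hex; the function names are hypothetical.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
DISABLED = "X" * 32  # the 32 X's described in the post


def disable_lm(line):
    """Return (new_line, changed) for one smbpasswd line."""
    stripped = line.rstrip("\n")
    if not stripped or stripped.startswith("#"):
        return line, False
    fields = stripped.split(":")
    # Assumed layout: name:uid:LM hash:NT hash:[flags]:LCT-...:
    # Only touch entries whose LM field holds a real 32-hex-digit hash.
    if len(fields) < 4 or not HEX32.match(fields[2]):
        return line, False
    fields[2] = DISABLED  # NT hash in fields[3] is left intact
    return ":".join(fields) + line[len(stripped):], True


def audit(text):
    """Rewrite every entry that still has an LM hash; return (new_text, names)."""
    out, changed = [], []
    for line in text.splitlines(keepends=True):
        new, did = disable_lm(line)
        out.append(new)
        if did:
            changed.append(new.split(":", 1)[0])
    return "".join(out), changed


# Constructed sample entries (hash values are made-up hex, not real hashes).
SAMPLE = (
    "# constructed smbpasswd sample\n"
    "alice:1001:0123456789ABCDEF0123456789ABCDEF:"
    "FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3A22A1B3:\n"
    "bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"
    "00112233445566778899AABBCCDDEEFF:[U          ]:LCT-3A22A1B4:\n"
)

if __name__ == "__main__":
    new_text, names = audit(SAMPLE)
    print("LM hash disabled for:", names)
    print(new_text, end="")
```

Running it over a copy of the file first and diffing the result shows exactly which accounts still carried a LanMan hash before anything is changed in place.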