Andrew Bartlett abartlet at pcug.org.au
Tue Jun 26 23:44:21 GMT 2001

Christopher Travers wrote:
> I sent something about this earlier but the info was wrong.
> It seems that the recent builds of XP have changed the authentication
> protocol to v2 of NTLM.  The default setting of Windows XP prevents thenm
> from loggin into to NT4 PDCs as well as Samba servers, though this can be
> manually set:
> The registry key is:
> HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
> With the following possible values:
> 0 = Send LM & NTLM responses
> 1 = Send LM & NTLM - use NTLMv2 session security if negotiated
> 2 = Send NTLM response only
> 3 = Send NTLMv2 response only
> 4 = Send NTLMv2 response only\refuse LM
> 5 = Send NTLMv2 response only\refuse LM & NTLM
> We might want to look at registry patches initially to reduce the value to 2
> (the default is 3).
> Thought you might find it interesting.
> Chris Travers

OK.  This just reorginised my priority list :-).  Once I beat this build
farm into submission I'll jump on this.

I am working on NTLMv2 for Samba (pulling it across from Samba-TNG) and
do have some working patches for both HEAD and SAMBA_2_2 (of varying age
and quality).

Andrew Bartlett

Andrew Bartlett
abartlet at pcug.org.au
abartlet at samba.org

More information about the samba-technical mailing list