ntlmv2 authentication for server side

Michael B Allen mba2000 at ioplex.com
Sun Oct 23 16:50:20 GMT 2005


On Sun, 23 Oct 2005 22:08:51 +1000
Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2005-10-21 at 15:36 -0700, Jeremy Allison wrote:
> > On Sat, Oct 22, 2005 at 01:10:06AM +0530, nagendra.shivaramaiah at wipro.com wrote:
> > > 
> > > hi all,
> > > 
> > >         I would like to know if there is any configuration parameter in samba to make ntlmv2 authentication mandatory on the server side to accept only ntlmv2 type connection requests. Also, is it essential to have "auth methods = sam" for this kind of setup? Currently using samba 3.0.14a. I am aware that it could be done on the client side by tweaking the registry to send ntlmv2 requests only. Any information on having a similar setup on the server side is what I am looking for.
> > 
> > There isn't such a setting right now, but it shouldn't
> > be too hard to add one. I'll look into it - it'll be a
> > parameter like "server ntlmv2 = mandatory".
> 
> The setting is 'ntlm auth = no' and 'lanman auth = no', leaving ntlmv2
> as the remaining option.  I would be happy with 'ntlmv2 auth =
> mandatory' as a synonym to these.

Or have 'lmcompatibility = N' where N is the usual numbers (from MS
website):

___	Level 0 - Send LM and NTLM response; never use NTLM 2 session
	security. Clients use LM and NTLM authentication, and never use
	NTLM 2 session security; domain controllers accept LM, NTLM,
	and NTLM 2 authentication.
___	Level 1 - Use NTLM 2 session security if negotiated. Clients
	use LM and NTLM authentication, and use NTLM 2 session security
	if the server supports it; domain controllers accept LM, NTLM,
	and NTLM 2 authentication.
___	Level 2 - Send NTLM response only. Clients use only NTLM
	authentication, and use NTLM 2 session security if the server
	supports it; domain controllers accept LM, NTLM, and NTLM 2
	authentication.
___	Level 3 - Send NTLM 2 response only. Clients use NTLM 2
	authentication, and use NTLM 2 session security if the server
	supports it; domain controllers accept LM, NTLM, and NTLM 2
	authentication.
___	Level 4 - Domain controllers refuse LM responses. Clients use
	NTLM authentication, and use NTLM 2 session security if the
	server supports it; domain controllers refuse LM authentication
	(that is, they accept NTLM and NTLM 2).
___	Level 5 - Domain controllers refuse LM and NTLM responses (accept
	only NTLM 2). Clients use NTLM 2 authentication, use NTLM 2
	session security if the server supports it; domain controllers
	refuse NTLM and LM authentication (they accept only NTLM 2).

Mike
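
An added example, not part of the original thread and not Samba code: a Python audit check that reads the [global] section of an smb.conf and reports which row of the table above the server-side behaviour corresponds to, based on the 'ntlm auth' and 'lanman auth' parameters named earlier in the thread. The function names, the sample file and the defaults for absent parameters (both 'yes', as in Samba 3.0-era releases) are assumptions.

```python
# Assumption: values used when a parameter is absent (Samba 3.0-era defaults).
DEFAULTS = {"lanmanauth": True, "ntlmauth": True}
BOOLS = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}
# Constructed sample input, not taken from any real server.
SAMPLE_CONF = """[global]
; ntlm auth = yes
NTLM Auth = no
lanman auth = no
[public]
path = /srv/public
"""

def global_auth_settings(conf_text, defaults=DEFAULTS):
    """Return the effective lanman/ntlm auth booleans from [global]."""
    settings = dict(defaults)
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf ignores case and internal whitespace in parameter names.
        key = "".join(name.split()).lower()
        if key in settings:
            value = value.strip().lower()
            if value not in BOOLS:
                raise ValueError(f"not a boolean for {name.strip()!r}: {value!r}")
            settings[key] = BOOLS[value]
    return settings


def server_acceptance(settings):
    """Describe what the server accepts, in the terms of the quoted table."""
    lanman, ntlm = settings["lanmanauth"], settings["ntlmauth"]
    if not lanman and not ntlm:
        return "NTLMv2 only (server side of level 5)"
    if not lanman:
        return "NTLM and NTLMv2, LM refused (server side of level 4)"
    if ntlm:
        return "LM, NTLM and NTLMv2 (server side of levels 0-3)"
    return "LM and NTLMv2, NTLM refused (no matching level)"

if __name__ == "__main__":
    print(server_acceptance(global_auth_settings(SAMPLE_CONF)))
```
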

