question regarding NTLM authentication

Andrew Bartlett abartlet at
Wed May 24 02:58:08 GMT 2006

On Tue, 2006-05-23 at 22:53 -0400, simo wrote:
> On Wed, 2006-05-24 at 08:32 +1000, Andrew Bartlett wrote:
> > The first task is for someone to re-implement 'security=server' in
> > Samba4, using the credentials system as the glue.
> I would honestly like to NOT see security=server for samba4.
> If you need to auth against a DC you can just use domain security,
> that's right way to do it. I can understand why we made it into samba
> and why we keep it in samba3 but I can't see why we should add something
> like that in samba4.
> In most cases it will not work anyway, today SMB signing is on by
> default on most servers.
> Let it just be a sort of hack in an auth module in security=user where
> instead of checking the password locally we "check" it against a remote
> server.
> I would also like to start moving away from the "security=" way of doing
> stuff and just use a role= parameter which makes much more sense.

In this we are agreed.  I use the name only because it clearly defines
the MITM attack we want, for these CIFS proxy use cases.  I don't expect
it will be the actual name of any Samba4 parameter.

(The use case is to re-used the connection established with
'security=server' for the ongoing proxied CIFS connection. )

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list