Vista(by default NTLMv2) - Samba Security = domain, connection from vista failed

Lamar.Saxon at Lamar.Saxon at
Tue Feb 6 13:16:39 GMT 2007

Our Windows network has been set to only use NTLMv2 for security.  I
made the following changes to my smb.conf and we have been working fine:

        client schannel = Auto
        server schannel = Auto

        lanman auth = No
        ntlm auth = No
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No


-----Original Message-----
From: Kai Blin [mailto:kai.blin at]
Sent: Monday, February 05, 2007 7:16 AM
To: samba-technical at
Cc: gomathi.palanimuthu at
Subject: Re: Vista(by default NTLMv2) - Samba Security =
domain,connection from vista failed

On Monday 05 February 2007 12:18, gomathi palanimuthu wrote:
> I've been testing out Windows Vista Enterprise today.  It defaults to
> using NTLMV2 authentication.


> *client NTLMv2 auth = yes*
> *client lanman auth = no*
> *ntlm auth = no*
> *lanman auth = no* (Read from that if we set ntlm auth as
well as
> lanman auth to 'no', samba will default to NTLMv2 security support).
> But, still connection is not working from Vista.

Are you sure the "ntlm auth = no" is correct? I'm not running a windows
myself, so I can't check but in any case samba should correctly
NTLMv2 if the other side requests this. Speaking as someone who has
clue about running samba and quite some idea how the samba ntlm code
I'm sure samba tries to do NTLMv2 authentication initially.

> Is there any configuration parameters missed out for this particular
> of security??

Unless someone can offer additional config parameters I have no idea
about, I
guess we would be interested in a network capture of a non-working and a

working authentication attempt.

Of course I'm not a samba dev, so those more familiar with all this
might have
a way better solution.

Kai Blin, <kai Dot blin At gmail Dot com>
WorldForge developer
Wine developer
Will code for cotton.

Privileged and Confidential.  This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information.  If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail.  You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.

More information about the samba-technical mailing list