Vista(by default NTLMv2) - Samba Security = domain, connection from vista failed

Lamar.Saxon at americredit.com Lamar.Saxon at americredit.com
Tue Feb 6 13:16:39 GMT 2007 

Our Windows network has been set to only use NTLMv2 for security.  I
made the following changes to my smb.conf and we have been working fine:

        client schannel = Auto
        server schannel = Auto

        lanman auth = No
        ntlm auth = No
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No

HTH,
Lamar

-----Original Message-----
From: Kai Blin [mailto:kai.blin at gmail.com]
Sent: Monday, February 05, 2007 7:16 AM
To: samba-technical at lists.samba.org
Cc: gomathi.palanimuthu at wipro.com
Subject: Re: Vista(by default NTLMv2) - Samba Security =
domain,connection from vista failed

On Monday 05 February 2007 12:18, gomathi palanimuthu wrote:
> I've been testing out Windows Vista Enterprise today.  It defaults to
only
> using NTLMV2 authentication.

[...]

> *client NTLMv2 auth = yes*
> *client lanman auth = no*
> *ntlm auth = no*
> *lanman auth = no* (Read from lists.org that if we set ntlm auth as
well as
> lanman auth to 'no', samba will default to NTLMv2 security support).
> But, still connection is not working from Vista.

Are you sure the "ntlm auth = no" is correct? I'm not running a windows
domain
myself, so I can't check but in any case samba should correctly
negotiate
NTLMv2 if the other side requests this. Speaking as someone who has
little
clue about running samba and quite some idea how the samba ntlm code
works,
I'm sure samba tries to do NTLMv2 authentication initially.

> Is there any configuration parameters missed out for this particular
type
> of security??

Unless someone can offer additional config parameters I have no idea
about, I
guess we would be interested in a network capture of a non-working and a

working authentication attempt.

Of course I'm not a samba dev, so those more familiar with all this
might have
a way better solution.

Cheers,
Kai
--
Kai Blin, <kai Dot blin At gmail Dot com>
WorldForge developer    http://www.worldforge.org/
Wine developer          http://wiki.winehq.org/KaiBlin/
--
Will code for cotton.


Privileged and Confidential.  This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information.  If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail.  You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.

More information about the samba-technical mailing list