[Samba] Remove LanMan auth from the AD DC and possibly file server?

Andrew Bartlett abartlet at samba.org
Tue Feb 8 22:14:03 UTC 2022


On Mon, 2022-02-07 at 21:13 -0800, Jeremy Allison via samba-technical
wrote:
> On Tue, Feb 08, 2022 at 06:04:01PM +1300, Andrew Bartlett via samba
> wrote:
> > On Mon, 2022-02-07 at 18:38 +0100, Ralph Boehme via samba wrote:
> > > On 1/26/22 04:50, Andrew Bartlett via samba wrote:
> > > > What do folks think?
> > > 
> > > I would vote for removing it and if people still require it to
> > > work
> > > with
> > > old shit they can just continue using the latest Samba version
> > > that
> > > supports it.
> > 
> > Thanks!
> 
> Yes, to be honest I'm more leaning on supporting Ralph
> now than trying to split hairs :-).

Thanks!

> If people want LANMAN auth they can just keep running
> the last version that supports it. It's not like they're
> worried about security anyway :-) :-).

One other benefit is that I have often seen this turned on by folks
where things broke (particularly when we moved to NTLMv2 only by
default) and they just turned everything on, and then left it that way.

This change would therefore secure those sites.

Björn, after reading the discussion here is your position still that we
need to retain LanMan authentication for DOS, OS/2, Win3.11 and Win9X?

I would like to take a crack at the patch but it makes more sense to
know your position up-front to avoid misdirected effort.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions




More information about the samba-technical mailing list