[Samba] NTLMv2 in Samba 3.0
dan.chu at citigroup.com
Wed Feb 11 21:27:38 GMT 2004
I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
3.0.1). It still doesn't seem to work. Has anyone successfully made
NTLMv2 work? If so, can I have a working sample of the smb.conf file?
I have included the entries below in my smb.conf (among other entries):
security = server
password server = NTDomainController
client ntlmv2 auth = yes
On both NTDomainController and W2k client, I have LmCompatibilityLevel
set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x00080000
(to permit only NTLMv2 session security). I just cannot map a drive from
W2k client to the Samba server running Solaris 8.
Thanks a lot in advance.
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Saturday, October 25, 2003 11:29 PM
To: Chu, Dan [IT]
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] NTLMv2 in Samba 3.0
On Fri, 2003-10-24 at 06:53, Chu, Dan [IT] wrote:
> Has anyone successfully configured Samba 3.0 to authenticate using
> only? I have below entry in smb.conf:
> password server = <domain controller>
> to use domain controller for user authentication and DC is configured
> Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2).
> far I got: "System error 1326 has occurred.
> Logon failure: unknown user name or bad password." errors.
> I am not sure what option(s) to use in the smb.conf file to make it
> understanding is that Samba 3.0 defaults to NTLMv2 if password server
> configured to accept NTLMv2.
As a server, Samba 3.0 implements NTLMv2 by default. Samba also passes
on NTLMv2 authentication attempts to the DC without modification, so it
can validate them.
As a client, you need to specify 'client ntlmv2 auth = yes' to force
Samba to use NTLMv2, as it is incompatible with older servers.
It is not possible to 'modify' an NTLM authentication request into
NTLMv2, so if your clients are not configured correctly, they will not
correctly talk to an NTLMv2 enforcing server/domain.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
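
Why a forwarding server cannot turn an NTLM response into an NTLMv2 one, as an added Python example (not part of the original messages and not Samba's code): the NTLMv2 proof is an HMAC-MD5 keyed from the user's NT hash, which only the client and the DC hold, so the DC accepts the response only if it is forwarded unmodified. The NT hash, user, domain, challenge and timestamp are constructed sample values; a real NT hash is the MD4 of the UTF-16LE password.

```python
import hashlib
import hmac
import struct

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user)+domain (UTF-16LE)."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()

def client_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """Client-chosen part of the response: version, timestamp, client nonce, target info."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)

def ntlmv2_response(nt_hash, user, domain, server_challenge, blob) -> bytes:
    """16-byte proof followed by the blob, as the client sends it."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def dc_verify(nt_hash, user, domain, server_challenge, response) -> bool:
    """DC side: recompute the proof from the stored NT hash and the forwarded blob."""
    proof, blob = response[:16], response[16:]
    expected = ntlmv2_response(nt_hash, user, domain, server_challenge, blob)[:16]
    return hmac.compare_digest(proof, expected)

# Constructed sample values (not real credentials).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
USER, DOMAIN = "dchu", "EXAMPLE"
CHALLENGE = bytes.fromhex("0123456789abcdef")  # 8-byte challenge the client received
BLOB = client_blob(127210000000000000, bytes.fromhex("aa" * 8), b"\x00" * 4)

def demo() -> dict:
    resp = ntlmv2_response(NT_HASH, USER, DOMAIN, CHALLENGE, BLOB)
    # A forwarding server that changes even one byte of the response
    # cannot recompute the proof, because it does not hold the NT hash.
    tampered = resp[:-1] + bytes([resp[-1] ^ 1])
    return {
        "forwarded_unmodified": dc_verify(NT_HASH, USER, DOMAIN, CHALLENGE, resp),
        "forwarded_modified": dc_verify(NT_HASH, USER, DOMAIN, CHALLENGE, tampered),
        "wrong_challenge": dc_verify(NT_HASH, USER, DOMAIN, b"\x00" * 8, resp),
    }

if __name__ == "__main__":
    print(demo())
```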