[Samba] NTLMv2 in Samba 3.0
Chu, Dan
dan.chu at citigroup.com
Wed Feb 11 22:30:27 GMT 2004
Andrew,
Thank you for your reply. I'm not sure what is not required. Do you mean
"client ntlmv2 auth = yes" ? Anyway, I've changed it to "security = domain"
in smb.conf (all other entries remain intact). I was able to join the samba
server to the NT domain using the "net join" utility. Then restarted the
samba daemons. When trying to map a drive from an W2k client, I got below
error:
"Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied."
What did I miss here?
Thanks,
Dan
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, February 11, 2004 4:35 PM
To: Chu, Dan
Cc: Andrew Bartlett; samba at lists.samba.org
Subject: RE: [Samba] NTLMv2 in Samba 3.0
On Thu, 2004-02-12 at 08:27, Chu, Dan wrote:
> I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
> 3.0.1). It still doesn't seem to work. Has anyone successfully made
> NTLMv2 work? If so, can I have a working sample of the smb.conf file?
>
> I have included below entries in my smb.conf (among other entries):
> security = server
> password server = NTDomainController
> client ntlmv2 auth = yes
This is not required for pass-though NTLMv2 authentication.
> On both NTDomainController and W2k client, I have Imcompatibilitylevel
> set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
> it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x00080000
> (to permit only NTLMv2 session security). I just cannot map a drive from
> W2k client to the Samba server running Solaris 8.
Use 'security=domain'. NTLM2 session security is not compatible with
'security=server'.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list