[Samba] NTLMv2 in Samba 3.0

Chu, Dan dan.chu at citigroup.com
Wed Feb 11 22:30:27 GMT 2004

Thank you for your reply. I'm not sure what is not required. Do you mean
"client ntlmv2 auth = yes" ? Anyway, I've changed it to "security = domain"
in smb.conf (all other entries remain intact). I was able to join the samba
server to the NT domain using the "net join" utility. Then restarted the
samba daemons. When trying to map a drive from an W2k client, I got below
"Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied." 

What did I miss here? 


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, February 11, 2004 4:35 PM
To: Chu, Dan
Cc: Andrew Bartlett; samba at lists.samba.org
Subject: RE: [Samba] NTLMv2 in Samba 3.0

On Thu, 2004-02-12 at 08:27, Chu, Dan wrote:
> I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
> 3.0.1). It still doesn't seem to work. Has anyone successfully made
> NTLMv2 work? If so, can I have a working sample of the smb.conf file? 
> I have included below entries in my smb.conf (among other entries):
> security = server
> password server = NTDomainController

> client ntlmv2 auth = yes

This is not required for pass-though NTLMv2 authentication.

> On both NTDomainController and W2k client, I have Imcompatibilitylevel
> set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
> it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x00080000
> (to permit only NTLMv2 session security). I just cannot map a drive from
> W2k client to the Samba server running Solaris 8.

Use 'security=domain'.  NTLM2 session security is not compatible with

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list