[Samba] NTLMv2 in Samba 3.0

Chu, Dan dan.chu at citigroup.com
Wed Feb 11 22:30:27 GMT 2004 

Andrew,
Thank you for your reply. I'm not sure what is not required. Do you mean
"client ntlmv2 auth = yes" ? Anyway, I've changed it to "security = domain"
in smb.conf (all other entries remain intact). I was able to join the samba
server to the NT domain using the "net join" utility. Then restarted the
samba daemons. When trying to map a drive from an W2k client, I got below
error:
"Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied." 

What did I miss here? 

Thanks,
Dan 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Wednesday, February 11, 2004 4:35 PM
To: Chu, Dan
Cc: Andrew Bartlett; samba at lists.samba.org
Subject: RE: [Samba] NTLMv2 in Samba 3.0


On Thu, 2004-02-12 at 08:27, Chu, Dan wrote:
> I tested NTLMv2 again using the newly created Samba 3.0.2 (I didn't test
> 3.0.1). It still doesn't seem to work. Has anyone successfully made
> NTLMv2 work? If so, can I have a working sample of the smb.conf file? 
> 
> I have included below entries in my smb.conf (among other entries):
> security = server
> password server = NTDomainController

> client ntlmv2 auth = yes

This is not required for pass-though NTLMv2 authentication.

> On both NTDomainController and W2k client, I have Imcompatibilitylevel
> set to 3 or 5 from the Registry Editor for LSA. On NTDomainController,
> it also has both NtlmMinClientSec and NtlmMinServerSec set to 0x00080000
> (to permit only NTLMv2 session security). I just cannot map a drive from
> W2k client to the Samba server running Solaris 8.

Use 'security=domain'.  NTLM2 session security is not compatible with
'security=server'.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list