[Samba] Samba 3 and NTLMv2 support

Andrew Bartlett abartlet at samba.org
Tue Mar 2 06:19:47 GMT 2004

On Tue, 2004-03-02 at 11:28, Ron Dhillon wrote:
> Hi:
> I have Samba 3.0.2a running on Fedora Core 1.  This server is set to be 
> Domain PDC and I am looking to have clients attach to it NTLMv2 only.  
> After looking over the man page for smb.conf, I have set the two options 
> that I thought would accomplish:
> [Global]
> lanman auth = no
> ntlm auth = no
> On the workstation side, I have set 
> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel to "5".  
> When I try to join the clients to the domain, I get the error:
> "Logon Failure: Unknown Username or Bad Password"

Ahh.  Is this issue only in the domain join process?  Or once machines
are joined, do they still do the same thing?

> If I change the line, in smb.conf, for ntlm auth to "yes" and set the 
> client registry key to "2" then I have no problem.  NTLMv1 seems to be 
> negotiated without any problems but NTLMv2 hasn't been quite so easy.
> Any suggestions would be appreciated!

I'll need to see level 10 debug logs, and an ethereal trace before I can
give you a decent answer on this.  The client may not be sending it
right, or we might not be reading it right.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040302/66bc395a/attachment.bin

More information about the samba mailing list