[Samba] NTLMv2 passthrough auth fails on XP
Aaron J. Zirbes
ajz at cccs.umn.edu
Fri Jan 28 20:25:40 GMT 2005
I have an interesting situation. I'm not sure if Samba doesn't support
this, or if I have something setup wrong.
All Linux/BSD machines: Samba 3.0.10
Windows XP cannot connect to a Samba Server when the Samba server is a
member of a Samba Domain, and authentication is restricted to NTLMv2
_IF_ The Windows XP machine has the following Security Policy turned on:
Network security: Minimum session security for NTLM SSP based (including
secure RPC) clients/servers
Require NTLMv2 session security
I would have laid this to rest, _EXCEPT_ that this setting does not harm
the connections to the PDC running Samba as well. The Windows XP can
login to the domain, and browse shares on the Samba PDC, but it cannot
coonnect to Samba Member servers authenticating through the PDC via
security = server AND password server = *.
When I turn off this Windows XP setting, everything works fine.
This option does not exist in <= Windows 2000, therefore Windows 2000/NT
is not affected.
PDC and MEMBER have the following vital information in smb.conf
...
# require NTLMv2
encrypt passwords = yes
ntlm auth = no
lanman auth = no
client lanman auth = no
client ntlmv2 auth = yes
client plaintext auth = no
...
MEMBER is set to
security = server
password server = *
--
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota
More information about the samba
mailing list