[Samba] NTLMv2 Authentication

Gerald (Jerry) Carter jerry at samba.org
Wed Jun 8 14:13:21 GMT 2005

Hash: SHA1

d.a.glynos wrote:
| On Wed, 8 Jun 2005, Gerald (Jerry) Carter wrote:
|>d.a.glynos wrote:
|>| Is there a (safe) way to strip all LM hashes from
|>| the password database and retain/use just the NTLM ones?
|>You can set 'lanman auth = no' in smb.conf.
| I'm aware of this, IIRC it stops samba from
| using the old LM hashes. But is there a way of
| deleting the LM hashes completely from the database?
| Is there a "safe" value to reset them to? I don't
| want samba thinking these are disabled accounts :-)

You can set the lanman hash to a string of 32 X's.
It's a little difficult to do this using tdbsam.
If you don't have any custom per user information,
you can pipe the output from pdbedit -L -w to an
smbpasswd, edit the file and then use pdbedit
to re-import them to a new tdbsam.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list