[Samba] NTLMv2 Authentication
Gerald (Jerry) Carter
jerry at samba.org
Wed Jun 8 14:13:21 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
| On Wed, 8 Jun 2005, Gerald (Jerry) Carter wrote:
|>| Is there a (safe) way to strip all LM hashes from
|>| the password database and retain/use just the NTLM ones?
|>You can set 'lanman auth = no' in smb.conf.
| I'm aware of this, IIRC it stops samba from
| using the old LM hashes. But is there a way of
| deleting the LM hashes completely from the database?
| Is there a "safe" value to reset them to? I don't
| want samba thinking these are disabled accounts :-)
You can set the lanman hash to a string of 32 X's.
It's a little difficult to do this using tdbsam.
If you don't have any custom per user information,
you can pipe the output from pdbedit -L -w to an
smbpasswd, edit the file and then use pdbedit
to re-import them to a new tdbsam.
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba