[Samba] NTLM auth problems.

Andrew Bartlett abartlet at samba.org
Wed Oct 26 13:06:53 GMT 2005


On Tue, 2005-10-25 at 12:11 +0200, Ian Barnes wrote:
> Hi,
> 
> I have encountered a problem and I don't know how or if I can work around
> the problem.
> 
> I set up squid to use NTLM to auth against a 2003 machine. On Windows 2003
> there is a security option called: "Network Security: LAN Manager
> authentication level properties", now the default option for this setting
> is: "Send NTLM response only". If I use the defaults, I can connect fine and
> users can auth and everything is perfect. The problem comes in when I change
> that setting to read: "Send NTLMv2 response only\refuse LM & NTLM", then I
> can't auth anymore, I can't even join the domain anymore.
> 
> I am running squid version 2.5.stable4 with samba 3.0.10. My configuration
> looks as follows:
> 
> I run the following command to join the domain which works if I have the
> default option enabled, and fails with invalid username or password with the
> custom setting:
> # /usr/local/bin/net join -S SERVER -w DOMAIN -U username%password
> 
> I then run winbindd and nmbd. If the default setting in 2003 is used, I can
> then view users and groups, but with custom setting it doesn't get this far
> because the net join fails.

Easy.  Set 'client ntlmv2 auth = yes' in your smb.conf, which is the
same as the client side of the system policy you describe above.

'net ads join' may also have worked.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
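
Added example, not part of the original message or of Samba's code: a small audit check that reads an smb.conf and reports whether `client ntlmv2 auth` is enabled in `[global]`, following the smb.conf rules that parameter names ignore case and internal whitespace and that `#` or `;` start a comment line. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf for illustration; not taken from the thread.
SAMPLE_SMB_CONF = """\
# proxy host running squid + winbindd (constructed sample)
[global]
   workgroup = DOMAIN
   security = domain
   ; earlier attempt, commented out so it must be ignored
   ; client ntlmv2 auth = no
   Client  NTLMv2   Auth = Yes

[share]
   path = /srv/share
"""

# Boolean spellings documented in the smb.conf man page.
BOOL_WORDS = {"yes": True, "true": True, "1": True,
              "no": False, "false": False, "0": False}


def normalize(name):
    """Parameter names ignore case and embedded whitespace."""
    return re.sub(r"\s+", "", name).lower()


def global_bool(conf_text, param):
    """Return True/False for a boolean [global] parameter, None if unset."""
    wanted, section, value = normalize(param), None, None
    # A line ending in a backslash continues on the next line.
    text = re.sub(r"\\\n", "", conf_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue  # this check only reads the [global] section
        key, val = line.split("=", 1)
        if normalize(key) == wanted:
            word = val.strip().lower()
            if word not in BOOL_WORDS:
                raise ValueError(f"not a boolean value: {val.strip()!r}")
            value = BOOL_WORDS[word]  # a later line overrides an earlier one
    return value


if __name__ == "__main__":
    print("client ntlmv2 auth:", global_bool(SAMPLE_SMB_CONF, "client ntlmv2 auth"))
```

A result of `None` means the file does not set the parameter, so the effective value is whatever default the installed Samba version uses.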