[Samba] Using ntlm_auth to authenticate to an NTLMv2 AD

Andrew Bartlett abartlet at samba.org
Fri Mar 10 08:40:42 GMT 2006


On Fri, 2006-03-10 at 08:28 +0000, Alex Sharaz wrote:
> While we're trying to get the tracing for this, I was wondering if there
> was another solution we could implement. 
> 
> Our AD team have put my linux box into its own part of the AD tree i.e.
> ou=linux,dc=hull, dc=ac,dc=uk
> 
> I don't know anything about AD but was wondering if it were possible to
> change the security requirements for the "linux" portion of the tree to
> be NTLM. I know this works.
> 
> Would this be doable?

I'm not sure, I just don't know that much about AD group policy.

However, my argument is that NTLMv2 is well worth requiring on clients,
but that the server gains little by enforcing its use.  The thing we
all really want to kill from the networks is the LM response.

(My view is that if you still allow an MSCHAPv2 login, then the system
is just as weak as if all NTLM logins are permitted).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net