[Samba] Vista, NTLMV2, security = domain

Schaefer Jr, Thomas R. tom at umsl.edu
Tue Feb 6 18:03:36 GMT 2007


I eventually hit upon the solution.. run winbindd.  Barely even have to
alter my smb.conf, just run winbindd.  It runs in proxy mode.  The one
smb.conf impact was with the valid users parameter:

Now for an entry like this in smb.conf..

valid users = schaefert, plantr

I've either got to make it

valid users = ourdomain\schaefert, ourdomain\plantr

Or, the other solution I came up with is leave the valid users entries
in smb.conf as they are but include entries like the following in the
username map..

schaefert = ourdomain\schaefert
plantr = ourdomain\plantr

-----Original Message-----
From: samba-bounces+tom=umsl.edu at lists.samba.org
[mailto:samba-bounces+tom=umsl.edu at lists.samba.org] On Behalf Of
Schaefer Jr, Thomas R.
Sent: Monday, January 29, 2007 6:21 PM
To: samba at lists.samba.org
Subject: [Samba] Vista, NTLMV2, security = domain

Hi folks,

I've been testing out Windows Vista Enterprise today.  It defaults to
only using NTLMV2 authentication.

I'm testing with Samba 3.0.23d running on Sparc/Solaris 8.  Samba is
configured with

security = domain

The password server is a Windows Server 2003 domain controller.  I've
joined Samba to the domain.

I simply can't get Vista to connect unless I change its security policy
to "send NTLM/NTLMV1 use NTLMV2 if negotiated".  Then it connects just
fine.

But Vista should work with its default of only NTLMV2, right??  There's
not some known bug, or some inherent limitation that prevents NTLMV2
authentication when your Samba server is configured as security =
domain, correct??

Thanks in advance,
Tom Schaefer


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list