[Samba] NTLMv2, Samba, and Squid

Andrew Bartlett abartlet at samba.org
Mon Sep 10 00:13:27 GMT 2007

On Sat, 2007-09-08 at 12:35 -0300, mups.cp wrote:
> If you'd like force NTLMv2 authentication these settings in your
> smb.conf could help:
> ntlm auth = Yes

This is the default. 

> client NTLMv2 auth = Yes

This is the only one that changes 

> min protocol = LANMAN2
> max protocol = NT1

Why are you setting this?

> I also put these:
> client lanman auth = No
> client plaintext auth = No

These are about to (3.2.0) become the defaults, and are set implicitly
by setting 'client ntlmv2 auth = yes'.  

> use spnego = Yes
> client use spnego = Yes

These are both defaults. 

The reason I'm replying to this is that I hate the way that Samba
folklore builds up.  

You don't need a magic combination of smb.conf variables for Samba to
accept NTLMv2 authentication, we do that already.  You can turn of
accepting NT and LM of you are paranoid.   

The only setting you have actually changed with all this is to only send
NTLMv2 challenge-response authentication, when we are a client. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070910/e36cd4ba/attachment.bin

More information about the samba mailing list