[Samba] NTLMv2, Samba, and Squid
Andrew Bartlett
abartlet at samba.org
Mon Sep 10 00:13:27 GMT 2007
On Sat, 2007-09-08 at 12:35 -0300, mups.cp wrote:
> If you'd like force NTLMv2 authentication these settings in your
> smb.conf could help:
> ntlm auth = Yes
This is the default.
> client NTLMv2 auth = Yes
This is the only one that changes
> min protocol = LANMAN2
> max protocol = NT1
Why are you setting this?
> I also put these:
> client lanman auth = No
> client plaintext auth = No
These are about to (3.2.0) become the defaults, and are set implicitly
by setting 'client ntlmv2 auth = yes'.
> use spnego = Yes
> client use spnego = Yes
These are both defaults.
The reason I'm replying to this is that I hate the way that Samba
folklore builds up.
You don't need a magic combination of smb.conf variables for Samba to
accept NTLMv2 authentication, we do that already. You can turn of
accepting NT and LM of you are paranoid.
The only setting you have actually changed with all this is to only send
NTLMv2 challenge-response authentication, when we are a client.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070910/e36cd4ba/attachment.bin
More information about the samba
mailing list