[Samba] NTLMv2 and smbclient
Hari Sekhon
hpsekhon at googlemail.com
Fri Aug 29 12:22:25 GMT 2008
Hi,d
When trying ntlm auth = no on one of my samba servers it broke all my
monitoring because smbclient failed to negotiate. After troubleshooting
I found that it was not trying ntlmv2 as it should so I set client
ntlmv2 auth = yes and then retried. It worked. However, other samba
servers failed to connect (notably those using share level security) as
it wanted lanman auth. So I set client lanman auth = yes as well but
this didn't seem to help, the ntlm client setting was probably
overriding it.
So now it seems I have hit a circular dependency in the I cannot use
ntlmv2 anywhere without the smbclient access breaking, and if I set
smbclient to allow ntlmv2 to work, it breaks backwards compatibility.
I cannot upgrade one of the servers out of share level security at the
moment (it broke when I tried making it user level security).
I don't understand why allowing ntlmv2 in the client must be mutually
exclusive to using down level protocols. I understand that in most cases
you want a way of preventing downgrading, but in my specific case I
cannot do that just yet.
Is there a way of allowing smbclient to connect to ntlmv2 or downward
protocols optionally as this makes sense in this specific case?
I understand that what I'm asking for may be considered non-ideal but
I'd still like to know...
-h
--
Hari Sekhon
More information about the samba
mailing list