[Samba] NTLMv2 and smbclient

Hari Sekhon hpsekhon at googlemail.com
Fri Aug 29 12:22:25 GMT 2008


   When trying ntlm auth = no on one of my samba servers it broke all my 
monitoring because smbclient failed to negotiate. After troubleshooting 
I found that it was not trying ntlmv2 as it should so I set client 
ntlmv2 auth = yes and then retried. It worked. However, other samba 
servers failed to connect (notably those using share level security) as 
it wanted lanman auth. So I set client lanman auth = yes as well but 
this didn't seem to help, the ntlm client setting was probably 
overriding it.

So now it seems I have hit a circular dependency in the I cannot use 
ntlmv2 anywhere without the smbclient access breaking, and if I set 
smbclient to allow ntlmv2 to work, it breaks backwards compatibility.
I cannot upgrade one of the servers out of share level security at the 
moment (it broke when I tried making it user level security).

I don't understand why allowing ntlmv2 in the client must be mutually 
exclusive to using down level protocols. I understand that in most cases 
you want a way of preventing downgrading, but in my specific case I 
cannot do that just yet.

Is there a way of allowing smbclient to connect to ntlmv2 or downward 
protocols optionally as this makes sense in this specific case?
I understand that what I'm asking for may be considered non-ideal but 
I'd still like to know...


Hari Sekhon

More information about the samba mailing list