[Samba] How to force NTLMv1 on server side?

Aaron Turner synfinatic at gmail.com
Wed Oct 7 12:14:35 MDT 2009

I know NTLMv1 isn't secure and NTLMv2 is better.  But I need to test a
client's NTMLv1 compatibility when the server does not support NTLMv2
and to do that I need samba (current version 3.0.33 via CentOS 4) to
not try to negotiate NTMLv2.  All the searches I've done tell me how
to enable NTLMv2, but specifying:

        encrypt passwords = yes
        ntlm auth = yes
        lanman auth = no

Does not cause Samba to mark the Negotiate NTLMv2 Key bit as disabled
in the NTLMSSP Flags message sent by the server.

Ideally this would be done inside of GSS/SPENGO (which is what is
currently happening), but I'm willing to use raw NTLMSSP if that is
necessary.  I'm also willing to use a different version of Samba if


Aaron Turner
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin

More information about the samba mailing list