[Samba] How to force NTLMv1 on server side?
synfinatic at gmail.com
Wed Oct 7 12:14:35 MDT 2009
I know NTLMv1 isn't secure and NTLMv2 is better. But I need to test a
client's NTMLv1 compatibility when the server does not support NTLMv2
and to do that I need samba (current version 3.0.33 via CentOS 4) to
not try to negotiate NTMLv2. All the searches I've done tell me how
to enable NTLMv2, but specifying:
encrypt passwords = yes
ntlm auth = yes
lanman auth = no
Does not cause Samba to mark the Negotiate NTLMv2 Key bit as disabled
in the NTLMSSP Flags message sent by the server.
Ideally this would be done inside of GSS/SPENGO (which is what is
currently happening), but I'm willing to use raw NTLMSSP if that is
necessary. I'm also willing to use a different version of Samba if
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
More information about the samba