[Samba] new Win7 security setting broke Samba

Andrew Bartlett abartlet at samba.org
Thu Oct 25 04:47:03 MDT 2012

On Wed, 2012-10-24 at 08:48 -0500, Snyder, Gabrielle S. (LARC-D322)[HP
ES] wrote:
> Good day all!
> I administer two Samba servers (RHEL 4.5) which, up to recently, had
> been working well.  Our security officials changed the LAN Manager
> group policy for the new Win7 systems from 'Send NTLMv2 response only;
> Refuse LM'  to 'Send NTLMv2 response only; Refuse LM & NTLM'.   We
> were running samba 3.0.33.  I have upgraded to 3.6.8-44.  I have tried
> a variety of different smb.conf file options to get the new version to
> work with the mandated security policy.  We only use Samba to map
> Linux shares onto Win7 clients.  The Win7 clients are part of a domain
> but the Linux servers are not.
> Any help with how to setup Samba to work in this environment would be
> greatly appreciated.

Can you send in your smb.conf?

Samba has, since 3.0, accepted NTLMv2 passwords, so something else is
going wrong here.  Perhaps they also set a smb signing policy, and you
didn't enable smb signing, or you are running 'security=server', which
is incompatible with NTLMv2?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list