[Samba] Password server behaves differently for clients from Windows 7 Professional and Windows 7 Enterprise

Andrew Bartlett abartlet at samba.org
Mon May 6 03:46:53 MDT 2013

On Fri, 2013-05-03 at 16:50 -0400, Bryan Chan wrote:
> Hi,
> I have been using Samba as a file server and a domain controller in a mixed
> AIX/Windows environment for a long time. Due to changes in the network
> infrastructure in my lab, I have to stop using my own LDAP server and Samba
> domain controller, and migrate all my user accounts to a central
> proprietary
> directory server. On AIX, I now use a proprietary loadable authentication
> module on AIX to talk to that server. To Samba, the accounts just look like
> local accounts, except that passwords are not managed locally.
> I want to continue serving files using Samba on my AIX box, but I cannot
> use a
> local smbpasswd file because there is no way to sync passwords between the
> proprietary server with the local smbpasswd file. So I tried using server
> security and delegating authentication to a SMB interface provided by the
> directory server. Here are the relevant parts of my smb.conf:
> netbios name = MILAN
> security = server

As you have found, security=server is a bad idea, and for this reason
has been removed from Samba 4.0. 

In particular, it is incompatible with NTLMv2, which is used by your
more modern clients listed here.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list