[Samba] SAMBA 4.5.0

Rowland Penny rpenny at samba.org
Mon Oct 10 09:31:02 UTC 2016

On Mon, 10 Oct 2016 10:30:24 +0200
Micha Ballmann via samba <samba at lists.samba.org> wrote:

> Hello Helper,
> I found this bug report:
> https://bugzilla.samba.org/show_bug.cgi?id=12252
> At this time I have a samba 4.1.6 Domain Controller and
> Freeradius-Server. The authentication works pretty well in 4.1.6. Now
> I built a new Domain Controller from source, version 4.5.0. The
> configuration like 4.1.6, but now I have an authentication issue.
> There is no helpful information in freeradius log :(. Briefly, can't
> authenticate my users over freeradius with SAMBA 4.5.0. I guess the
> bug report answered my question. Do you think SAMBA4 will
> provide/activate this function again in next patch? Or I really have
> to modify the source code? Is it possible to make the changes in
> source code and "over" install it to the current system? With best
> regards Micha

If you read the release notes for 4.5.0, you will find this:

NTLMv1 authentication disabled by default

In order to improve security we have changed
the default value for the "ntlm auth" option from
"yes" to "no". This may have impact on very old
clients which doesn't support NTLMv2 yet.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

By default, Samba will only allow NTLMv2 via NTLMSSP now,
as we have the following default "lanman auth = no",
"ntlm auth = no" and "raw NTLMv2 auth = no".

If you must use the insecure 'ntlm', I am sure you can work out from
the above what you must add to smb.conf

Personally, I think freeradius need to up their game, I found this on
their wiki, under the heading 'guide/FreeRADIUS Active Directory
Integration HOWTO'

The following components are required to install the access control solution:

    A Linux/Unix server (only Linux is covered)
    FreeRADIUS 3.0.x
    Samba 3.0.x
    Cisco Catalyst Switch
    Windows >= Win2K SP4 XP

Has anybody told freeradius that the Samba 3.0.x series went EOL in 2009?
and that Win2K & XP are also EOL?

And people complain about the Samba wiki LOL
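
The three defaults quoted from the release notes above can be checked against a server's smb.conf. This is an added example, not part of the original post and not Samba code; the sample configuration is constructed, and the parser reads only [global] and does not follow "include" directives.

```python
# Added example: report how smb.conf text sets the three options that the
# 4.5.0 release notes list as defaulting to "no".
DEFAULT_OFF = ("lanman auth", "ntlm auth", "raw NTLMv2 auth")
# Boolean spellings treated as equivalent here.
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

# Constructed sample: a DC where NTLMv1 was switched back on.
SAMPLE = """[global]
    workgroup = EXAMPLE
    ; re-enabled for an old 802.1x setup
    NTLM Auth = Yes
    lanman auth = no
[share]
    ntlm auth = no
"""

def norm(name):
    # smb.conf section and parameter names ignore case and whitespace
    return "".join(name.split()).lower()

def global_params(text):
    """Return {normalised name: value} for [global]; last assignment wins."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """Map each option to 'default (no)', 'explicitly no', 'ENABLED' or 'unrecognised: ...'."""
    params, result = global_params(text), {}
    for option in DEFAULT_OFF:
        value = params.get(norm(option))
        if value is None:
            result[option] = "default (no)"
        elif value.lower() in TRUE or value.lower() in FALSE:
            result[option] = "ENABLED" if value.lower() in TRUE else "explicitly no"
        else:
            result[option] = "unrecognised: " + value
    return result

if __name__ == "__main__":
    for option, state in audit(SAMPLE).items():
        print(f"{option:16} {state}")
```

Anything reported as ENABLED means the server accepts the weaker protocol again; "unrecognised" values need a manual check against the smb.conf man page for the installed version.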

