[Samba] SAMBA 4.5.0
Tim Dittler
tim.dittler at rosalux.org
Thu Oct 13 07:26:38 UTC 2016
Just a note: I read the changelog and was aware of the change. However,
I was not aware, that almost none of our network scanners would support
NTLMv2. Different models and brands.
Therefore, I was forced to revert this change.
Best regards,
Tim
On 10.10.2016 11:31, Rowland Penny via samba wrote:
> If you read the release notes for 4.5.0, you will find this:
> NTLMv1 authentication disabled by default
> -----------------------------------------
>
> In order to improve security we have changed
> the default value for the "ntlm auth" option from
> "yes" to "no". This may have impact on very old
> clients which doesn't support NTLMv2 yet.
>
> The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.
>
> By default, Samba will only allow NTLMv2 via NTLMSSP now,
> as we have the following default "lanman auth = no",
> "ntlm auth = no" and "raw NTLMv2 auth = no".
>
> If you must use the insecure 'ntlm', I am sure you can work out from
> the above what you must add to smb.conf
>
More information about the samba
mailing list