[Samba] samba 4.5.10 and old clients with NTLMv1
Andrew Walker
walker.aj325 at gmail.com
Thu Jul 27 10:41:09 UTC 2017
In an AD environment, it's better to push out a GPO to force WindowsXP to
use NTLMv2. I believe it's under "Security Settings" -> "Local Security
Policy" -> "Security Options" -> "Network security: LAN Manager
authentication level". Change the value to "Send NTLMv2 response
only\refuse LM and NTLM"
If there's no AD involved, you can manually change the associated Windows
registry entry "LmCompatibilityLevel" to "3". I believe it is under "
HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
On Thu, Jul 27, 2017 at 4:18 AM, Stefan G. Weichinger via samba <
samba at lists.samba.org> wrote:
>
> At a customer they still have some old VMs around that run Windows XP.
>
> Yes, I already provided them with newer VMs ... but the users still
> need/want the old machines as well.
>
> Now the batch file with the "net use" statements fail, as far as I have
> researched because of the weak and outdated NTLMv1:
>
> [2017/07/27 11:11:08.538343, 2]
> ../libcli/auth/ntlm_check.c:424(ntlm_password_check)
> ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user vmuser1
>
> I assume I can enable that via the parameter "ntlm auth = yes"?
> Currently it is "no", sure.
>
> It's a global parameter, according to the man page, is there a way to
> only enable NTLMv1 for this specific share?
>
> thanks, regards, Stefan
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list