[Samba] ntlm_auth and SMBv2/v3
L.P.H. van Belle
belle at bazuin.nl
Thu Jun 8 13:30:42 UTC 2017
hai,
Please keep it mailing to the list, this way is shows up of others also.
A workaround for disabling SMBv1, you can make your server less secure but thats not what i would do.
Setting these to enable NTLM v1 again.
lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes
I think also this is more a question for the free raduis list, but i would to for a ldap(s) setup.
just dont mixup these to : start_tls and tls_mode to connect to port 636 on a samba AD DC, you need :
start_tls=no and tls_mode = yes
My preffered auth order if the app allows it.
kerberos
ldap(s)
ntlm as last resort.
Best regards,
Louis
Van: Arnab Roy [mailto:arniekol at gmail.com]
Verzonden: donderdag 8 juni 2017 15:07
Aan: L.P.H. van Belle
Onderwerp: Re: [Samba] ntlm_auth and SMBv2/v3
Are their any plans finding a work around for this..as their tremendous amount of security paranoia related to smbv1 now...
On 8 Jun 2017 13:54, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Arnab Roy via samba
> Verzonden: donderdag 8 juni 2017 14:23
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] ntlm_auth and SMBv2/v3
>
> Hi ,
>
> I just need some clarification ;
>
> We currently use ntlm_auth + winbind for AD auth on
> Freeradius, will disabling SMBv1 break authentication for
> ntlm_auth + Freeradius ?
Yes
>
> Many Thanks
> Arnab
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list