[Samba] ntlm_auth and SMBv2/v3
Andrew Bartlett
abartlet at samba.org
Thu Jun 8 19:36:17 UTC 2017
On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
> hai,
>
> Please keep it mailing to the list, this way is shows up of others also.
> A workaround for disabling SMBv1, you can make your server less secure but thats not what i would do.
>
> Setting these to enable NTLM v1 again.
>
> lanman auth = yes
NEVER set this.
> ntlm auth = yes
This enables NTLMv1. To be clear, this isn't related to SMBv1. This
is the only change required to re-enable MSCHAPv2. I plan to create a
ntlm auth = mschapv2-only option (indeed I have been given such a
patch) but I need to finish the test.
> raw NTLMv2 auth = yes
This only applies to NTLMv2 on SMBv1, and should also NEVER be set for
modern networks.
I'm mentioning this because Samba folklore grows so quickly, and folks
rapidly paste in whatever setting they find, even if they reduce
security dramatically.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list