[Samba] ntlm_auth and SMBv2/v3
Arnab Roy
arniekol at gmail.com
Thu Jun 8 20:50:13 UTC 2017
Hi Andrew,
That is fantastic news I am running 4.5.10
So just to be clear I just need ntlm auth = yes
In smb.conf and all should continue to work?
Many Thanks for the clarification
Arnab
On 8 Jun 2017 20:36, "Andrew Bartlett" <abartlet at samba.org> wrote:
> On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
> > hai,
> >
> > Please keep it mailing to the list, this way is shows up of others also.
> > A workaround for disabling SMBv1, you can make your server less secure
> but thats not what i would do.
> >
> > Setting these to enable NTLM v1 again.
> >
> > lanman auth = yes
>
> NEVER set this.
>
> > ntlm auth = yes
>
> This enables NTLMv1. To be clear, this isn't related to SMBv1. This
> is the only change required to re-enable MSCHAPv2. I plan to create a
> ntlm auth = mschapv2-only option (indeed I have been given such a
> patch) but I need to finish the test.
>
> > raw NTLMv2 auth = yes
>
> This only applies to NTLMv2 on SMBv1, and should also NEVER be set for
> modern networks.
>
> I'm mentioning this because Samba folklore grows so quickly, and folks
> rapidly paste in whatever setting they find, even if they reduce
> security dramatically.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/
> services/samba
>
>
More information about the samba
mailing list