[Samba] ntlm_auth and SMBv2/v3

Arnab Roy arniekol at gmail.com
Thu Jun 8 20:50:13 UTC 2017


Hi Andrew,

That is fantastic news I am running 4.5.10

So just to be clear I just need ntlm auth = yes

In smb.conf and all should continue to work?

Many Thanks for the clarification

Arnab

On 8 Jun 2017 20:36, "Andrew Bartlett" <abartlet at samba.org> wrote:

> On Thu, 2017-06-08 at 15:30 +0200, L.P.H. van Belle via samba wrote:
> > hai,
> >
> > Please keep it mailing to the list, this way is shows up of others also.
> > A workaround for disabling SMBv1, you can make your server less secure
> but thats not what i would do.
> >
> > Setting these to enable NTLM v1 again.
> >
> > lanman auth = yes
>
> NEVER set this.
>
> > ntlm auth = yes
>
> This enables NTLMv1.  To be clear, this isn't related to SMBv1.  This
> is the only change required to re-enable MSCHAPv2.  I plan to create a
> ntlm auth = mschapv2-only option (indeed I have been given such a
> patch) but I need to finish the test.
>
> > raw NTLMv2 auth = yes
>
> This only applies to NTLMv2 on SMBv1, and should also NEVER be set for
> modern networks.
>
> I'm mentioning this because Samba folklore grows so quickly, and folks
> rapidly paste in whatever setting they find, even if they reduce
> security dramatically.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>


More information about the samba mailing list