[Samba] "lanman auth" question
ToddAndMargo at zoho.com
Mon Oct 2 23:08:53 UTC 2017
> On 10/02/17 17:16, ToddAndMargo via samba wrote:
>> Hi All,
>> Fedora 26
>> Workstations (5 of them):
>> XP Pro SP3
>> I set all five of my customer XP workstations to
>> Send NTLMv2 response only\\refuse LM and NTLM
>> and turned off (smb.conf)
>> lanman auth = yes
>> ntlm auth = yes
>> And had to turn it right back on as the customer's
>> Xerox Workcentre 3550 multifunction printer scanner
>> requires it
>> What are the security ramification to Samba?
>> Many thanks,
>> Tony Ewell, B.S.E.E.
>> Owner, Rent-A-Nerd Computer Services
>> 775-265-5150, 9:00 am to 5:00 pm PST/PDT
>> Error from the scanner:
>> Destination 1 : Status....Failed
>> Status Details : username or password is wrong
>> Friendly Name : WorkCenter
>> Server Name : 192.168.255.12
>> Path : scans
>> Protocol : SMB
>> Filing Policy : CHANGENAME
>> Document Name : 1
On 10/02/2017 03:49 PM, Gaiseric Vandal via samba wrote:
> lanman should always be disabled. use "testparm -v" to make sure the
> settings are applied as you expect. With different samba versions, the
> defaults may change.
> I don't think you can disable ntlmv1 but leave ntlmv2 enabled. I could
> be wrong. NTLMv2 is stronger. And I think clients will
> negotiate the strongest common protocol. If you are in a small
> network where you can see what is getting added, and you are using
> ethernet switches (not ethernet hubs) to minimize packet capture, you
> should be OK. (unless you are designing the next stealth
> fighter.) Best practices would dictate NTLMv2 if possible.
> I would try disabling lanman, leaving ntlm enabled and see if the xerox
If I disable (as I did), then the scanner won't save to smb.
So, I am stuck with it.
More information about the samba