[Samba] "lanman auth" question

[ToddAndMargo]

> On 10/02/17 17:16, ToddAndMargo via samba wrote:
>> Hi All,
>>
>> Server:
>>    Fedora 26
>>    samba-4.6.8-0.fc26.x86_64
>>
>> Workstations (5 of them):
>>    XP Pro SP3
>>
>>
>> I set all five of my customer XP workstations to
>>
>> Send NTLMv2 response only\\refuse LM and NTLM
>>
>> and turned off (smb.conf)
>>
>>   lanman auth = yes
>>   ntlm auth = yes
>>
>> And had to turn it right back on as the customer's
>> Xerox Workcentre 3550 multifunction printer scanner
>> requires it
>>
>> What are the security ramification to Samba?
>>
>> Many thanks,
>> -T
>> Tony Ewell, B.S.E.E.
>> Owner, Rent-A-Nerd Computer Services
>> 775-265-5150,  9:00 am to 5:00 pm PST/PDT
>>
>>
>> Error from the scanner:
>>
>> Destination 1      : Status....Failed
>> Status Details     : username or password is wrong
>> Friendly Name      : WorkCenter
>> Server Name        : 192.168.255.12
>> Path               : scans
>> Protocol           : SMB
>> Filing Policy      : CHANGENAME
>> Document Name      : 1

On 10/02/2017 03:49 PM, Gaiseric Vandal via samba wrote:
 > lanman should always be disabled.  use "testparm -v" to make sure the
 > settings are applied as you expect.  With different samba versions, the
 > defaults may change.
 >
 > I don't think you can disable ntlmv1 but leave ntlmv2 enabled.  I could
 > be wrong.          NTLMv2 is stronger.     And I think clients will
 > negotiate the strongest common protocol.      If you are in a small
 > network where you can see what is getting added, and you are using
 > ethernet switches (not ethernet hubs) to minimize packet capture, you
 > should be OK.     (unless you are designing the next stealth
 > fighter.)     Best practices would dictate NTLMv2 if possible.
 >
 >
 > I would try disabling lanman, leaving ntlm enabled and see if the xerox
 > works.

If I disable (as I did), then the scanner won't save to smb.
So, I am stuck with it.